[May-15-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report provides an exhaustive analysis of a series of cyber incidents detected primarily on May 14 and May 15, 2026. The intelligence data details over 600 distinct cyber events, revealing a highly active and diversified cybercrime ecosystem operating across open web and Telegram networks. The threat landscape is overwhelmingly dominated by the distribution and sale of credential combo lists, indicating that credential stuffing and account takeover (ATO) attacks remain a primary vector for threat actors.

In addition to credential trafficking, the data highlights significant activity in website defacements orchestrated by hacktivist groups , high-impact data breaches affecting government and corporate infrastructure , the sale of initial access to corporate networks , and the proliferation of Cybercrime-as-a-Service (CaaS) offerings, including forged legal document services and DDoS-for-hire platforms. This report categorizes these incidents, profiles the key threat actors involved, analyzes the geographic and industry-specific victimology, and provides a detailed breakdown of the threat vectors.

2. Threat Category Analysis

2.1 Credential Harvesting and Combo Lists

The most prolific category of threat activity observed in the dataset is the distribution, trading, and sale of Combo Lists. These lists consist of millions of scraped or breached email and password pairs (and occasionally URL:Login:Password logs) tailored for automated credential stuffing.

Scale and Volume: Threat actors are distributing datasets of staggering sizes. Notable examples include a 150 million ULP (URL:Login:Password) combo list distributed by mr_daadaa , a 20 billion line credential database advertised by unempl0ye , a 3.7 million ULP list leaked by GoorG , and a 25.83 million ULP dataset marketed by DaxusULP.
Targeted Platforms: While many lists are “mixed” domains, actors specifically curate databases to target lucrative platforms. Credentials are explicitly marketed for attacks against cryptocurrency platforms (e.g., 697K credentials by MetaCloud3, 1.3M Hotmail pairs targeting crypto by HqComboSpace). Other targeted services include streaming and gaming (Netflix, Minecraft, Steam, Hulu, Spotify) , financial platforms (PayPal USA, Revolut) , retail platforms (DoorDash, Amazon, Walmart) , and enterprise environments (Office365, Slack).
Geographic Targeting: Threat actors meticulously sort credential databases by victim country to facilitate targeted regional attacks. The dataset shows dedicated combo lists for Brazil (723K) , Austria (185K) , Australia (100K+) , Belgium (98K) , Bolivia (14K) , Bangladesh (15K) , Germany (3.3K corporate, 693K shopping) , Poland , and the United States (105K, 145K).
Source Material: Many of these combo lists are explicitly derived from InfoStealer malware operations. For instance, threat actor kingdevl10 explicitly markets 4,600 Hotmail hits directly sourced from RedLine stealer logs. Other logs originate from META Stealer.

2.2 Data Breaches and Information Leaks

The report details numerous severe data breaches affecting sensitive sectors, primarily executed by financially motivated actors and ideological groups.

Government and Public Sector: Threat actors targeted municipal and federal databases globally. A massive 243GB database purportedly belonging to the Indonesian Ministry of Agriculture (pertanian.go.id) was held for a $10,000 ransom by the actor Kyyzo. Data belonging to the Guatemala Ministry of Finance was breached via API and IDOR vulnerabilities by GordonFreeman, compromising 130,000 registration records and 235,000 PDFs. Additionally, over 50,000 passport and ID card records of Burkina Faso citizens were freely leaked by smiro662 , and Iraqi census data was advertised for sale. In Taiwan, an actor named simo_colvin claimed to sell an internal database from the Psychological Warfare Team containing 6 million resident records for 4.8 BTC.
Education: Educational institutions were frequent victims. Actors leaked databases from the University of Agriculture Faisalabad in Pakistan , SMP Negeri 4 Denpasar in Indonesia , Collège de France , and EFC Formation in France (41 GB of student/teacher documents).
Healthcare: Sensitive medical data was compromised. The actor wilson008 claimed to leak approximately 100,000 patient records, including surgery videos and celebrity data, from South Korea’s Wonjin Surgery Hospital. In Indonesia, an actor sold a 63GB database belonging to Nakamura Holistic Therapy.
Corporate and Technology: The actor diencracked claimed to have leaked Lightning.ai’s internal codebase (10,239 files) after compromising PyPI credentials. The notorious ShinyHunters group advertised a repository of 8.9 million hacking operation files and claimed a breach of U.S. auto retailer CarMax affecting 452,000 customers. Furthermore, 2.03 GB of source code and Italian traffic enforcement data from KRIA S.r.l. was leaked.
Financial & Identity Verification: A highly sensitive breach involved the Brazilian video-based KYC platform Nuvidio. Threat actor xpl0itrs sold biometric KYC videos, SSL private keys for Banco Pan API authentication, and deepfake detection models for $12,000.

2.3 Hacktivism and Website Defacements

Website defacement remains a prominent tactic for establishing notoriety and broadcasting ideological messages. May 14 and May 15 saw a coordinated wave of defacements globally.

Nullsec Philippines: The actor Terror, affiliated with Nullsec Philippines, conducted a massive campaign targeting global assets. Victims included the financial platform Finance Samadhan (India) , Amorthe Luxe , Aashray RMF , 24×7 Care Foundation , and AICDA. The group also announced “Operation TSE,” targeting the Brazilian Superior Electoral Court alongside CyberTeam.
b1ohaz4rd: The actor azraelzer0d4y, representing the group b1ohaz4rd, focused heavily on retail, food, and luxury brands. Compromised sites included Carpet Tile Solutions (UK) , Artistas do Mundo (Brazil) , Sherpa Chai , Mercato del Gusto (Italy) , and French luxury pastry brand Pierre Hermé.
0xteam: The actor chinafans under 0xteam defaced educational and medical sites, including Iqra Centre , French handball club HBC Carpentras , and Dr. Rahavard.
Indonesian Threat Actors: Actors like Mr.PIMZZZXploit heavily targeted Indonesian regional government subdomains, particularly those of the Sukabumi Regency.

2.4 Cybercrime-as-a-Service (CaaS) and Malware

The underground forums tracked in this intelligence feed demonstrate a thriving, highly professionalized market for illicit services and tools.

Fraudulent Legal Requests: An advanced service operated by the actor convince offers the sale of forged legal documents (court orders, subpoenas, MLAT requests) designed to exploit Emergency Disclosure Requests (EDRs) against tech companies and ISPs. To lend credibility to these fraudulent requests, the actor sells access to compromised government email accounts worldwide for $5 to $350. The same actor sells registrar-level domain suspension services using API buffer overflows.
DDoS-for-Hire: Actors are renting out massive botnets. Stressium operates via a Telegram bot (@stressiumbot) claiming to bypass Cloudflare and OVH protections. Another service, GoliathStress, advertises Layer 4 and 7 attacks specifically tailored for game servers , while the Teaser botnet claims a staggering capacity of 4.5 terabits per second.
Malware Tools: Specific malware is being peddled, including cryptocurrency wallet brute-forcers such as the Bitcoin_Finder_Tool and BIP39-Phrase-Explorer, designed to extract mnemonic seed phrases. Furthermore, banking credential brute-forcing tools targeting institutions like ANZ bank are actively traded.
Carding & Identity Fraud: Actors like theblackops sell stolen credit card fullz, cloned ATM cards, and fraudulent PayPal/Western Union transfers.

2.5 Initial Access Brokering

Access to internal environments is traded directly before full-scale ransomware or exfiltration attacks occur.

Corporate & Government Access: An actor advertised shell access to Indonesian government (.ac.id) domains for 450k IDR. Another actor, allanado, sold direct mail access to the headquarters of an Argentinian international trade company.
Infrastructure Access: A highly critical claim involved an actor named macaroni selling full infrastructure access to the CoreWeave GPU Cloud, allegedly containing root shells, IAM keys, and Kubernetes pipeline access. Another actor compromised the surveillance camera systems of an Austrian jewelry shop to spy on employees and customers.

3. Threat Actor Profiling

Based on the intelligence provided, several actors and collectives emerge as high-value operational targets for cyber defense monitoring:

MetaCloud3 & Vows (Credential Aggregators): These actors operate industrialized combo list operations. MetaCloud3 frequently distributes massive specialized lists targeting Office365, Reddit, Spotify, Revolut, and Facebook Ads, utilizing their own “combo cloud” infrastructure. Vows operates similarly, heavily sponsoring AIO checker software (slateaio.com, vows.solutions) to monetize their lists.
convince (Service Provider): This actor represents a sophisticated social engineering threat, exploiting the legal framework by forging subpoenas and selling government email access to facilitate Emergency Data Requests.
Nullsec Philippines & b1ohaz4rd (Hacktivists): These groups (Terror, azraelzer0d4y) conduct high-volume web defacements. Their targets span globally without strict adherence to a specific industry, relying heavily on exploiting vulnerable subdirectories of poorly secured web applications.
GordonFreeman & Kyyzo (Data Brokers): Responsible for high-impact infrastructure breaches in Central/South America and Southeast Asia, such as the CANTV GPON network in Venezuela , the Guatemala Ministry of Finance , and the Indonesian Ministry of Agriculture.

4. Geographic and Industry Victimology

The threat activity demonstrates a borderless approach, though distinct regional clustering is evident.

Top Targeted Countries: * United States: Heavily targeted for corporate combo lists, retail account ATO (Macy’s, Target) , and critical data leaks (CarMax, Virginia DWR, Dept. of Energy).
- Indonesia: A primary target for both hacktivist defacements and severe government data breaches (Ministry of Agriculture, Sukabumi Regency, National Police, KPU).
- France: Frequently targeted for email combo lists and institutional breaches (Collège de France, EFC Formation, Pierre Hermé).
- South Korea: Numerous commercial databases (Tiara, Kocosa, Daouwood) and healthcare providers (Wonjin Surgery) were leaked.
- Brazil & Latin America: Targeted for KYC data (Nuvidio) , infrastructure sabotage (CANTV Venezuela) , and government email compromise (State of Acre).
Top Targeted Industries:
- E-Commerce and Retail: Targeted extensively by credential stuffing to drain stored payment methods and loyalty points.
- Government & Public Sector: Targeted for high-value PII (censuses, ID databases) and hacktivist messaging.
- Technology & SaaS: Targeted for internal code (Lightning.ai) and infrastructure access (CoreWeave).
- Cryptocurrency & Finance: Consistently targeted for direct financial theft using specialized crypto combo lists, fraudulent transfers, and seed-phrase bruteforcing tools.

5. Security Implications and Strategic Recommendations

The vast dissemination of parsed credential combo lists (totaling hundreds of millions of lines within a 48-hour period) poses a severe, immediate risk to organizations lacking robust identity access management architectures.

Defense Against Credential Stuffing: The widespread availability of targeted ULP and Combo Lists underscores the absolute necessity of Multi-Factor Authentication (MFA) across all external-facing portals (VPN, RDP, Webmail, SaaS applications). Organizations must deploy behavioral analytics and CAPTCHA mechanisms to detect and rate-limit automated login attempts utilizing these lists.
Defeating Infostealers: A significant portion of the “fresh” credentials traded stems from RedLine and META stealer logs. Organizations should enforce strict endpoint hygiene, limit browser-based password saving, and proactively monitor dark web log repositories to reset compromised corporate credentials before they are utilized.
Vulnerability Management: The high volume of website defacements by groups like b1ohaz4rd and Nullsec Philippines indicates widespread exploitation of outdated CMS plugins, directory traversal flaws, and misconfigured permissions. Continuous automated vulnerability scanning and strict adherence to principle-of-least-privilege on web server directories are critical.
Combating Fraudulent Legal Requests: The services provided by convince highlight a dangerous trend of weaponizing legal compliance procedures. Tech companies and ISPs handling Emergency Disclosure Requests (EDRs) must implement rigorous out-of-band verification protocols (e.g., verifying the requestor’s identity via phone calls to established law enforcement contacts) rather than relying solely on the presence of a .gov email address.
API and Infrastructure Security: The breaches affecting the Guatemala Ministry of Finance and the CoreWeave GPU Cloud demonstrate the catastrophic impact of insecure APIs (BOLA/IDOR vulnerabilities) and poorly secured IAM keys. Strict API gateway authentication, continuous IAM auditing, and cloud posture management are essential to prevent similar exfiltration events.

6. Conclusion

The intelligence snapshot from May 14 to May 15, 2026, reveals a mature, highly compartmentalized cybercrime economy. Threat actors seamlessly collaborate across public clearnet forums, encrypted Telegram channels, and dark web repositories to monetize compromised data at an industrial scale. Defending against this landscape requires organizations to move beyond reactive patching toward proactive threat hunting, robust identity management, and stringent verification of external communication protocols.

Detected Incidents Draft Data

Sale of Crypto-targeted Hotmail combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1.3 million email:password lines sourced from Hotmail accounts, marketed as targeting cryptocurrency platforms. The list is being shared on a criminal forum under the Combolists section.
Date: 2026-05-14T23:38:37Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-299-003-Lines-%E2%9C%85-Crypto-target-Combolist-Hotmail
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mix combo list of 1,000 email:password credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of 1,000 email:password credential pairs on a cracking forum, marketed as fresh and private. The list is described as a mixed combo, likely sourced from multiple prior breaches. No specific victim organization is identified.
Date: 2026-05-14T23:38:18Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%85%E2%9C%A8-1000-FRESH-MIX-COMBOLIST-%E2%9C%A8%E2%9C%85PRIVATE-COMBO%E2%9C%852026-FRESH-UHQ%E2%9C%85
Screenshots:
None
Threat Actors: znx_hq
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list of 5,300 credentials shared on cracking forum
Category: Combo List
Content: A combo list of approximately 5,300 Hotmail email and password pairs was shared on a cracking forum. The credentials are marketed as fresh and private, purportedly valid for 2026. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-14T23:34:21Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%85%E2%9C%A8-5300-FRESH-HOTMAILS-COMBOLIST-%E2%9C%A8%E2%9C%85PRIVATE-COMBO%E2%9C%852026-FRESH-UHQ%E2%9C%85
Screenshots:
None
Threat Actors: znx_hq
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of 150 million ULP combo list with mixed categories
Category: Combo List
Content: A threat actor is freely distributing a combo list of approximately 150 million URL:login:password (ULP) credentials spanning mixed categories. The list was shared via an external file-hosting link and is attributed to the handle @DADAZONE_V2.
Date: 2026-05-14T23:33:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-150M-ULP-TARGET-URL-LOGG-PASS-MIX-CATEGORIES-BY-DADAZONE-V2
Screenshots:
None
Threat Actors: mr_daadaa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of HQ GeoMix stealer logs (10,000+ records)
Category: Logs
Content: A threat actor shared a collection of over 10,000 stealer log entries spanning multiple countries via a file-sharing link. The logs are described as fresh and high quality. No specific victim organization or sector is identified.
Date: 2026-05-14T23:32:43Z
Network: openweb
Published URL: https://cracked.st/Thread-HQ-LOGS-GeoMIX-COUNTRY-10000-Fresh–2093994
Screenshots:
None
Threat Actors: HULKMAD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: ULP (URL:Login:Pass) 3.7M Lines Leaked
Category: Combo List
Content: A threat actor leaked a combo list containing 3.7 million URL:Login:Password credential pairs on a cracking forum. The post markets the data as private and HQ (high quality). No specific victim organization is identified.
Date: 2026-05-14T23:32:24Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%AD%90ULP-URL-LOGIN-PASS-PRIVATE-3-7M-LINES%E2%AD%90HQ%E2%AD%90LEAKED%E2%AD%90BY-ACCGIR%E2%AD%90
Screenshots:
None
Threat Actors: GoorG
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of email:password combo list (mixed USA and Worldwide)
Category: Combo List
Content: A threat actor is selling a combo list of 1 million email:password credentials at a stated cheap price. The list is described as mixed USA and Worldwide in origin. No refund or replacement is offered, but testing is available.
Date: 2026-05-14T23:31:48Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-WTS-GOOD-COMBOS-EMAIL-PASS–2093983
Screenshots:
None
Threat Actors: Reoza
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 120K email:password combo list targeting streaming and gaming services
Category: Combo List
Content: A threat actor is offering a combo list of 120,000 email:password pairs marketed as fresh and high quality, targeting services including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The list includes credentials from multiple countries and email providers such as AOL, Yahoo, Hotmail, and Outlook. The actor is selling via Telegram and promoting through an associated cracking-focused website.
Date: 2026-05-14T23:29:30Z
Network: openweb
Published URL: https://demonforums.net/Thread-120k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–204073
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale and distribution of fresh mixed email combo list via PandaCloud
Category: Combo List
Content: A threat actor is distributing a mixed email combo list dated May 15, advertised as fresh and fully valid. The actor promotes a Telegram channel (PandaCloud04) offering both free public and paid private databases. The post claims private databases are unused and free of spam.
Date: 2026-05-14T23:26:45Z
Network: openweb
Published URL: https://crackingx.com/threads/75292/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged webshell access sales by Pharaohs_Team
Category: Initial Access
Content: Pharaohs_Team is advertising webshell access for sale via direct message. The post indicates pricing based on shell type/location (example: da pa 30+ for Indonesian .go.id domains), suggesting a tiered pricing model for compromised web shells.
Date: 2026-05-14T23:24:31Z
Network: telegram
Published URL: https://t.me/Pharaoh_e/25
Screenshots:
None
Threat Actors: Pharaohs_Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Scam Operation by Morocco-Based Threat Actor Using Multiple Account Aliases
Category: Cyber Attack
Content: A user posted a warning about an alleged scammer from Morocco who operates multiple accounts to defraud victims. The threat actor is documented as using at least 8 different aliases (@Onlyyashvir, @IRONMAN294, @NIGHT_KING91, @V_IPE_R, @Anos_sp, @Obitoo_4, @YASHVIR_OFFICAL, @Svb_homes) and changes identities frequently. The post claims the individual steals from people and distributes free leaked files. The warning advises caution and identifies the scammer as Arab.
Date: 2026-05-14T23:23:01Z
Network: telegram
Published URL: https://t.me/c/2613583520/81695
Screenshots:
None
Threat Actors: Onlyyashvir / IRONMAN294 / NIGHT_KING91 / V_IPE_R / Anos_sp / Obitoo_4 / YASHVIR_OFFICAL / Svb_homes
Victim Country: Morocco
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
120K Mixed Email:Password Combo List
Category: Combo List
Content: A threat actor is distributing a combo list of 120,000 email:password and user:password credential pairs via a hidden forum download. The list is described as fresh and high quality, covering multiple email providers and geographic regions including AOL, Yahoo, Hotmail, Outlook, and users from the USA, UK, France, Germany, and other countries. The author also advertises paid combo list services via Telegram.
Date: 2026-05-14T23:14:08Z
Network: openweb
Published URL: https://altenens.is/threads/120k-fresh-hq-combolist-email-pass-mixed.2940172/unread
Screenshots:
None
Threat Actors: carlos080
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of James Bond Mailer phishing kit with cryptocurrency platform templates
Category: Phishing
Content: Threat actor offering James Bond Mailer phishing service with 25 pre-built templates targeting cryptocurrency exchanges (Coinbase, Kraken, Gemini, Binance, etc.) and hardware wallets (Ledger, Trezor). Service includes domain spoofing, sender name spoofing, unlimited email sending, and 40+ rotating SMTP servers. Pricing: $200/week, $400/month, $750/lifetime. Contact via Telegram @OmegaBon.
Date: 2026-05-14T22:50:00Z
Network: telegram
Published URL: https://t.me/BonServices/6
Screenshots:
None
Threat Actors: OmegaBon
Victim Country: Unknown
Victim Industry: Cryptocurrency/Finance
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Carpet Tile Solutions by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 15, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a page on carpettilesolutions.com. The attack was a targeted single-page defacement, not a mass or home page compromise. No specific motive or server details were disclosed in the available intelligence.
Date: 2026-05-14T22:49:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922419
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Retail / Home Improvement
Victim Organization: Carpet Tile Solutions
Victim Site: www.carpettilesolutions.com
Website Defacement of artistasdomundo.com.br by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: On May 15, 2026, the Brazilian arts and entertainment website artistasdomundo.com.br was defaced by threat actor azraelzer0d4y, operating under the group b1ohaz4rd. The attack targeted a subdirectory of the site and was a single, non-mass defacement. No specific motive or server details were disclosed in association with the incident.
Date: 2026-05-14T22:38:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922417
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Brazil
Victim Industry: Arts and Entertainment
Victim Organization: Artistas do Mundo
Victim Site: artistasdomundo.com.br
Website Redefacement of Sherpa Chai by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The website sherpachai.com, associated with the Sherpa Chai brand in the food and beverage sector, was defaced by threat actor azraelzer0d4y operating under the team b1ohaz4rd on May 15, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or another attacker. The defacement targeted a subdirectory path rather than the homepage, suggesting partial or directory-level compromise.
Date: 2026-05-14T22:34:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922418
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Food and Beverage
Victim Organization: Sherpa Chai
Victim Site: www.sherpachai.com
Sale of large-scale URL:log:pass credential database
Category: Logs
Content: A threat actor is selling a large credential database purportedly containing 20 billion lines across multiple formats including URL:log:pass, log:pass, mail:pass, user:pass, and phone:pass. The database is claimed to cover all countries and supports keyword or query-based lookups. The seller is reachable via Telegram.
Date: 2026-05-14T22:33:29Z
Network: openweb
Published URL: https://xforums.st/threads/sell-url-log-pass-base.613839/
Screenshots:
None
Threat Actors: unempl0ye
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged ShinyHunters Data Repository Access Sale
Category: Data Leak
Content: ShinyHunters threat group is advertising a Files Cloud repository containing 8.9 million files related to hacking operations. They are soliciting new members to join their channel for a $10,000 USD subscription fee. Contact handles provided: unc6040 and node6240. The group claims to follow Telegram terms of service.
Date: 2026-05-14T22:23:10Z
Network: telegram
Published URL: https://t.me/c/3500620464/7888
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of mail account access and credential combo lists
Category: Initial Access
Content: Threat actor Engineering is offering mail account access with live proof and testing capabilities across multiple countries (France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, Japan). Listing includes configs, scripts, tools, hits, and combo lists. Contact available via Telegram handle @EngineeringPhantom for requests.
Date: 2026-05-14T22:20:12Z
Network: telegram
Published URL: https://t.me/c/2613583520/81660
Screenshots:
None
Threat Actors: Engineering
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Mercato del Gusto by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The Italian food and beverage website Mercato del Gusto was defaced by threat actor azraelzer0d4y, a member of the group b1ohaz4rd, on May 15, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or another attacker. The defacement targeted a subdirectory of the domain rather than the homepage, suggesting partial compromise of the web server.
Date: 2026-05-14T22:17:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922416
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Italy
Victim Industry: Food & Beverage / Retail
Victim Organization: Mercato del Gusto
Victim Site: www.mercatodelgusto.it
Alleged Shinyhunters Threat Actor Group Communication and Operational Security Guidance
Category: Cyber Attack
Content: Members of the Shinyhunters threat actor group discussing operational security, providing contact information (Session ID, email, XMPP, Telegram), and claiming involvement in hacking activities including alleged Chinese military data breach. References to UNC6040 and Aegis as affiliated actors. Group explicitly denies cooperation with law enforcement agencies.
Date: 2026-05-14T22:11:11Z
Network: telegram
Published URL: https://t.me/c/3500620464/7882
Screenshots:
None
Threat Actors: Shinyhunters
Victim Country: China
Victim Industry: Military/Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of mail access credentials and combo lists across multiple countries
Category: Initial Access
Content: Threat actor advertising mail access availability with live proof across France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. Offering configs, scripts, tools, hits, and combo lists. Contact via @EngineeringPhantom for requests.
Date: 2026-05-14T21:49:16Z
Network: telegram
Published URL: https://t.me/c/2613583520/81638
Screenshots:
None
Threat Actors: EngineeringPhantom
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged classified Chinese PLA military documents and intelligence reports
Category: Documents
Content: A threat actor is offering for sale multiple purported classified Chinese PLA military documents, including research reports on UAV systems, radar technologies, stealth measurement systems, and intelligence analyses of Taiwans combat strategy. Prices range from approximately $1,014 to $5,000 per document. The actor claims to accept escrow and is soliciting contact via Telegram, Session, Tox, Matrix, and Jabber.
Date: 2026-05-14T21:45:57Z
Network: openweb
Published URL: https://breached.st/threads/china-fresh-secret-pla-reports-for-sale.87120/unread
Screenshots:
None
Threat Actors: mosad
Victim Country: China
Victim Industry: Government
Victim Organization: Peoples Liberation Army
Victim Site: Unknown
Alleged data leak of Lightning.ai internal codebase and source code
Category: Data Leak
Content: A threat actor claims to have obtained Lightning.ais internal codebase by capturing PyPI credentials on April 30, 2026, and pushing compromised versions of PyTorch Lightning. The actor is freely distributing the data, which purportedly includes private repositories such as litgpt-private, lit-vllm, and other internal tools. The leaked dataset is reported to contain 1,360 directories and 10,239 files.
Date: 2026-05-14T21:45:14Z
Network: openweb
Published URL: https://breached.st/threads/lightning-ai-internals-leaked.87119/unread
Screenshots:
None
Threat Actors: diencracked
Victim Country: United States
Victim Industry: Technology
Victim Organization: Lightning.ai
Victim Site: lightning.ai
Sale of US email:password combo list with 105,000 credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 105,000 United States mail:password credential pairs, marketed as super ultra high quality (SUHQ) and suitable for credential stuffing across multiple services. The list is dated May 14 and attributed to the actor TheLupin.
Date: 2026-05-14T21:37:37Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-105-000-UNITED-STATES-MAIL-PASSWORD-DATA-SUHQ-FOR-EVERYTHING-05-14
Screenshots:
None
Threat Actors: ImLupin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mixed domain combo list with over 1 million credentials
Category: Combo List
Content: A mixed domain, mixed target combo list containing over 1 million email and password combinations was shared on a cracking forum. The post offers no further details about the origin or targets of the credentials.
Date: 2026-05-14T21:37:18Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-053-943-%E2%9C%85-Mixed-Domain-Mixed-Target-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Hotmail credentials allegedly sourced from RedLine stealer logs
Category: Combo List
Content: A threat actor is distributing approximately 4,600 Hotmail credentials described as fresh valid hits sourced from RedLine stealer logs. The post directs users to a private channel for access. The credentials are marketed as private and unverified by third parties.
Date: 2026-05-14T21:36:02Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90%E2%AD%904-6K-FRESH-HOTMAIL-VALID-HITS-ONLY-FROM-REDLINE%E2%AD%90-PRIVATE-UNRAPPED-DATA-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: kingdevl10
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 15K mixed combo list
Category: Combo List
Content: A threat actor is sharing a mixed combo list of approximately 15,000 credentials marketed as super ultra high quality (SUHQ) and fresh. The post is sponsored by slateaio.com, likely a credential-stuffing or account-checking tool service.
Date: 2026-05-14T21:35:32Z
Network: openweb
Published URL: https://cracked.st/Thread-15K-SUHQ-MIXED-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 5K SUHQ Hotmail Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 5,000 Hotmail credentials marketed as super ultra high quality (SUHQ) and fresh. The list is shared on a cracking forum and appears to be intended for credential stuffing use.
Date: 2026-05-14T21:35:04Z
Network: openweb
Published URL: https://cracked.st/Thread-5K-SUHQ-HOTMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of stealer logs from RedLine cloud dated May 2026
Category: Logs
Content: A threat actor shared what is claimed to be fresh URL:login:password (ULP) logs sourced from a RedLine stealer cloud dated May 14, 2026. The post promotes a private channel via Telegram for access to the data. No specific victim organization or record count is identified.
Date: 2026-05-14T21:33:43Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%AD%90%E2%AD%90FRESH-ULP-FROM-REDLINE-COUD-14-05-2026-UNRAPPED-UHQ-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: kingdevl10
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 5K SUHQ mail access combo list
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 5,000 mail access credentials marketed as super ultra high quality (SUHQ) and fresh. The post is sponsored by vows.solutions and was shared on a cracking forum.
Date: 2026-05-14T21:33:33Z
Network: openweb
Published URL: https://cracked.st/Thread-5K-SUHQ-MAIL-ACCESS-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of 380K URL:Login:Password combo list
Category: Combo List
Content: A threat actor shared a combo list of approximately 380,000 URL:login:password credential pairs, marketed as high quality and suitable for general use. The content is gated behind forum registration or login. The list is dated May 2026 and advertised as private lines.
Date: 2026-05-14T21:33:00Z
Network: openweb
Published URL: https://patched.to/Thread-380k-ulp-private-lines%E2%9A%A1high-quality%E2%9A%A1mix-use-for-anything-you-need%E2%9A%A1-may-2026
Screenshots:
None
Threat Actors: BaggerraYZ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ Canada email:password combo list
Category: Combo List
Content: A threat actor known as ShroudX is distributing a combo list purportedly containing high-quality Canadian email and password pairs. The content is gated behind registration or login, limiting visibility into record count or specific details. The list is marketed as HQ (high quality), suggesting credentials may have been verified or tested.
Date: 2026-05-14T21:32:38Z
Network: openweb
Published URL: https://patched.to/Thread-hq-canada-emailpass-combolist-shroud20-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Canada email:password combo list allegedly distributed
Category: Combo List
Content: A forum member shared a file purportedly containing a Canadian email and password combo list. No additional details regarding record count or targeted services are available from the post content.
Date: 2026-05-14T21:32:34Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-CANADA-EMAILPASS-COMBOLIST-SHROUD20-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ Germany email:password combo list
Category: Combo List
Content: A threat actor known as ShroudX is distributing a Germany-focused email:password combo list on a clearnet forum. The content is gated behind registration or login, obscuring specific details such as record count or targeted services. The list is marketed as high quality (HQ).
Date: 2026-05-14T21:32:19Z
Network: openweb
Published URL: https://patched.to/Thread-hq-germany-emailpass-combolist-shroud20-txt-302449
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
France email:password combo list shared on cracking forum
Category: Combo List
Content: A user on a cracking forum shared a combo list advertised as high-quality France email:password pairs. The list is attributed to user ShroudX and marketed under the handle SHROUD20. No additional details on record count or source are available.
Date: 2026-05-14T21:32:14Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-FRANCE-EMAILPASS-COMBOLIST-SHROUD20-txt–2294782
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Germany email:password combo list shared on cracking forum
Category: Combo List
Content: A threat actor identified as ShroudX shared a combo list of Germany-targeted email and password pairs on a cracking forum. The post is titled HQ GERMANY EMAILPASS COMBOLIST suggesting the credentials are marketed as high quality. No further details are available from the post content.
Date: 2026-05-14T21:31:54Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-GERMANY-EMAILPASS-COMBOLIST-SHROUD20-txt–2294783
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ Poland email:password combo list
Category: Combo List
Content: A threat actor known as ShroudX is distributing a Poland-based email:password combo list on a cybercrime forum. The content is gated behind registration or login, and no further details about record count or targeted services are available from the post.
Date: 2026-05-14T21:31:45Z
Network: openweb
Published URL: https://patched.to/Thread-hq-poland-emailpass-combolist-shroud20-txt-302450
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Poland Email:Password Combo List
Category: Combo List
Content: A threat actor is sharing or selling a Poland-based email:password combo list on a cracking forum. No further details are available from the post content.
Date: 2026-05-14T21:31:35Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-POLAND-EMAILPASS-COMBOLIST-SHROUD20-txt–2294784
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ UK email:password combo list
Category: Combo List
Content: A threat actor operating as ShroudX shared a UK-focused email:password combo list on a cracking forum. No further details regarding record count or targeted services are available from the post content.
Date: 2026-05-14T21:31:15Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-UK-EMAILPASS-COMBOLIST-SHROUD20-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 6,200 Hotmail credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 6,200 Hotmail email credentials, described as valid mail access. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-14T21:30:45Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%9C%A8%E2%9A%9C%EF%B8%8FX6200-HOTMAIL-MAIL-ACCESS-FULL-Vaild-%E2%9A%9C%EF%B8%8F%E2%9C%A8-14-05
Screenshots:
None
Threat Actors: HOTMAILPR0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list containing 13K credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 13,000 Hotmail credentials via Pasteview. The list is marketed as containing valid (good) credential pairs suitable for credential stuffing against Hotmail accounts.
Date: 2026-05-14T21:29:42Z
Network: openweb
Published URL: https://altenens.is/threads/13k-hotmail-good-combolist.2940058/unread
Screenshots:
None
Threat Actors: VegaM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 7,421 mixed credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of 7,421 claimed valid mixed credentials via Pasteview. The list is marketed as UHQ (ultra high quality) and made available for free on the forum.
Date: 2026-05-14T21:29:16Z
Network: openweb
Published URL: https://altenens.is/threads/7421x-uhq-valid-mix-ebbi_cloud.2940079/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 10,586 UHQ valid mixed credentials
Category: Combo List
Content: A threat actor shared a combo list of 10,586 credentials described as UHQ (ultra-high quality) valid mixed accounts via a Pasteview link. The credentials appear to be distributed freely on the forum.
Date: 2026-05-14T21:28:51Z
Network: openweb
Published URL: https://altenens.is/threads/10586x-uhq-valid-mix-ebbi_cloud.2940080/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 4,750 UHQ mixed credentials
Category: Combo List
Content: A threat actor shared a combo list of 4,750 mixed credentials described as UHQ (ultra-high quality) via Pasteview. The content is made available for free on the forum. No specific target service or victim organization is identified.
Date: 2026-05-14T21:28:24Z
Network: openweb
Published URL: https://altenens.is/threads/4750x-uhq-valid-mix-ebbi_cloud.2940077/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 14,429 mixed credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of 14,429 mixed credentials via Pasteview, marketed as UHQ (ultra-high quality) valid entries. The list was made available for free on the forum.
Date: 2026-05-14T21:27:58Z
Network: openweb
Published URL: https://altenens.is/threads/14429x-uhq-valid-mix-ebbi_cloud.2940081/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 15,287 UHQ mixed credentials
Category: Combo List
Content: A threat actor shared a combo list of 15,287 claimed UHQ (ultra-high quality) mixed credentials via Pasteview. The list is described as valid and was made available for free on the forum.
Date: 2026-05-14T21:27:24Z
Network: openweb
Published URL: https://altenens.is/threads/15287x-uhq-valid-mix-ebbi_cloud.2940083/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ valid mix combo list
Category: Combo List
Content: A threat actor is sharing a combo list of 16,625 alleged valid mixed credentials via an external paste service. The list is marketed as UHQ (ultra-high quality), suggesting the credentials have been tested or verified.
Date: 2026-05-14T21:26:55Z
Network: openweb
Published URL: https://altenens.is/threads/16625x-uhq-valid-mix-ebbi_cloud.2940086/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Brazil distributed on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 723,000 email:password pairs associated with Brazilian accounts, marketed as fresh and high quality. The list was made available behind a registration/login gate on a known cybercrime forum.
Date: 2026-05-14T21:22:40Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-723-K-Combo-%E2%9C%AA-Brazil-%E2%9C%AA-14-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Austria distributed on cybercrime forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 185,000 email:password pairs associated with Austrian accounts on a cybercrime forum. The credentials are marketed as fresh and high quality, dated May 14, 2026.
Date: 2026-05-14T21:22:13Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-185-K-Combo-%E2%9C%AA-Austria-%E2%9C%AA-14-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Australia combo list of 100K+ credentials
Category: Combo List
Content: A threat actor shared a combo list of over 100,000 email:password pairs allegedly associated with Australian users, marketed as fresh and high quality. The list was posted on a clearnet breach forum and is accessible to registered members.
Date: 2026-05-14T21:20:32Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-100-K-Combo-%E2%9C%AA-Australia-%E2%9C%AA-14-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Belgium distributed on forum
Category: Combo List
Content: A combo list containing approximately 98,000+ credentials associated with Belgium was shared on a cybercrime forum. The post was made on May 14, 2026, by user thejackal101. No further details about the content or targeted services are available.
Date: 2026-05-14T21:18:51Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-98-K-Combo-%E2%9C%AA-Belgium-%E2%9C%AA-14-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Bolivia distributed on cybercrime forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 14,000 email:password pairs purportedly associated with Bolivian accounts. The credentials are marketed as fresh and high quality. The list was posted on a cybercrime forum and requires registration or login to access.
Date: 2026-05-14T21:17:25Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-14-K-Combo-%E2%9C%AA-Bolivia-%E2%9C%AA-14-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Bolivia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Bangladesh accounts
Category: Combo List
Content: A threat actor shared a combo list of approximately 15,000 email:password pairs described as Bangladesh-origin credentials, marketed as fresh and high quality. The list was made available behind a registration/login gate on a public breach forum.
Date: 2026-05-14T21:16:58Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-15-K-Combo-%E2%9C%AA-Bangladesh-%E2%9C%AA-14-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting British Indian email accounts
Category: Combo List
Content: A threat actor shared a combo list containing over 17,000 email:password credential pairs described as targeting British Indian accounts. The credentials are marketed as fresh and high quality, dated 14 May 2026. The list is available to registered forum members via hidden content.
Date: 2026-05-14T21:15:16Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-17-K-Combo-%E2%9C%AA-British-Indian-%E2%9C%AA-14-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of forged legal documents, government email access, and domain takedown services
Category: Services
Content: A threat actor operating under the alias convince is selling a suite of illicit services including forged court orders, subpoenas, seizure warrants, and MLAT requests designed to fraudulently obtain PII and IP logs from tech companies and ISPs via Emergency Disclosure Requests. The actor also offers access to government email accounts across multiple countries to lend legitimacy to fraudulent legal requests, priced from $5 to $350 depending on jurisdiction. Additionally, domain takedown servic
Date: 2026-05-14T21:11:36Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-SELLING-FORGED-COURT-ORDERS-DOMAIN-TAKEDOWNS-GOV-EMAILS-PRIVATE-EDR-ASSETS
Screenshots:
None
Threat Actors: convince
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of scam tools platform user database
Category: Data Leak
Content: A threat actor claims to have dumped a database belonging to an unnamed scam tools platform, containing 1,235 user records including usernames, user IDs, first names, and activity metadata. The data is being distributed for free via a hidden download link on BreachForums. The post attributes the dump to the actor and an associate identified as NexData.
Date: 2026-05-14T21:08:31Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-Scam-Tools-Breached-Data-Leak-2025
Screenshots:
None
Threat Actors: exclode
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of domain suspension service claiming registrar-level takedowns
Category: Services
Content: A threat actor operating under the alias convince is advertising a for-hire domain suspension service on Breachforums, claiming the ability to force registrar-level administrative freezes on target domains. The service is priced at $800 per domain takedown or $5,000 for the full method including scripts for header-spoofing and verification bypass. The actor claims to use a buffer overflow against registrar reporting APIs to trigger false security violations and auto-locks.
Date: 2026-05-14T21:05:58Z
Network: openweb
Published URL: https://breachforums.rs/Thread-PRIVATE-DOMAIN-SUSPENSION-SERVICE-REGISTRAR-LEVEL-TAKEDOWNS-100-UPTIME-ON-HITS
Screenshots:
None
Threat Actors: convince
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards, CVVs, bank logins, and related carding products
Category: Carding
Content: A threat actor advertising the sale of stolen credit cards (CC, CVV, VBV, non-VBV), card dumps (Track 101/201 with PIN), bank logins, PayPal accounts, and fullz (SSN/DOB) across multiple countries. The seller also offers related fraud tools including EMV software, scam pages, RDP, cPanel, and SMTP access. Contact is solicited via Telegram, Signal, and email.
Date: 2026-05-14T21:02:13Z
Network: openweb
Published URL: https://altenens.is/threads/fresh-update-with-hitting-balance-im-asian-hacker-from-asia-manila-im-having-experience-in-information-technology-years-always-selling-stuff-hig.2940064/unread
Screenshots:
None
Threat Actors: sarabelle
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of 1.4 million URL:log:pass credentials
Category: Combo List
Content: A threat actor shared a Mega.nz link containing approximately 1.4 million URL:log:pass entries, consistent with stealer log output. The dataset was made available for free on a cracking forum on 15 May.
Date: 2026-05-14T20:58:47Z
Network: openweb
Published URL: https://crackingx.com/threads/75288/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of forged legal documents, government email access, and domain takedown services
Category: Services
Content: A threat actor operating under the alias convince is selling a suite of fraudulent services including forged court orders, subpoenas, seizure warrants, and MLAT requests designed to impersonate law enforcement for Emergency Disclosure Requests (EDR) against tech companies and ISPs. The actor also offers access to government-domain email accounts from multiple countries to lend legitimacy to fraudulent legal requests, priced between $5 and $350 per account depending on country. Additional offer
Date: 2026-05-14T20:54:44Z
Network: openweb
Published URL: https://breached.st/threads/premium-forged-court-orders-domain-seizures-gov-emails-private-edr-suite.87117/unread
Screenshots:
None
Threat Actors: convince
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of U.S. Department of Energy National Laboratory confidential technical report
Category: Data Leak
Content: A threat actor claims to have leaked a confidential technical report from a U.S. Department of Energy National Laboratory, purportedly containing technical and functional requirements for a Common Data Link for Small Unmanned Aircraft Systems. The document is attributed to an individual and organizational unit and dated June 2025. A download link was shared via Telegram.
Date: 2026-05-14T20:54:02Z
Network: openweb
Published URL: https://breached.st/threads/u-s-department-of-energy-national-laboratory-confidential-report-leak.87118/unread
Screenshots:
None
Threat Actors: mosad
Victim Country: United States
Victim Industry: Government
Victim Organization: U.S. Department of Energy National Laboratory
Victim Site: Unknown
Distribution of stealer logs (ULP format, 3.83 GB)
Category: Logs
Content: A threat actor on a dark web forum is sharing approximately 3.83 GB of compressed stealer logs in ULP (URL:Login:Password) format. The logs are described as fresh and high quality, available to users who reply to the thread or upgrade their forum account.
Date: 2026-05-14T20:49:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-%E2%9C%AA-3-83-GB-%E2%9C%AA-CLOUD-S-%E2%9C%AA-ULP-LOG-S-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of CANTV ABA ULTRA GPON network infrastructure in Venezuela
Category: Data Breach
Content: A threat actor claims to have compromised a UISP Ubiquiti administration panel belonging to CANTVs GPON fiber optic network in eastern Venezuela, exfiltrating data on approximately 7,500 residential users and 4,000 OLT network devices. Exfiltrated data allegedly includes full residential profiles, email addresses, phone numbers, financial records, GPS coordinates, MAC addresses, and serial numbers. The actor states this data provides a blueprint for physical sabotage of GPON infrastructure in t
Date: 2026-05-14T20:46:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-CANTV-ABA-ULTRA-Venezuela-2026-7-5K-Personal-Data-4K-Data-OLT-GPON-Fiber-Optic
Screenshots:
None
Threat Actors: GordonFreeman
Victim Country: Venezuela
Victim Industry: Telecommunications
Victim Organization: CANTV
Victim Site: cantv.com.ve
Free distribution of RedLine stealer logs
Category: Logs
Content: A threat actor is freely distributing approximately 4GB of stealer logs allegedly harvested via RedLine on 14 May 2026. The post directs users to a Telegram channel for access. No specific victim organization or country is identified.
Date: 2026-05-14T20:40:41Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%AD%90%E2%AD%904gb-FRESH-UPP-LOGS%E2%AD%90-FROM-REDLINE-14-05-2026-UNRAPPED%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: kingdevl10
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
OneDrive combo list of 700K credentials offered on forum
Category: Combo List
Content: A threat actor operating under the alias MetaCloud3 is distributing a combo list of approximately 700,000 credentials marketed for use against OneDrive. The post claims a high hit rate and describes the data as private and sourced from paid cloud services. The content is gated behind forum registration or login.
Date: 2026-05-14T20:40:15Z
Network: openweb
Published URL: https://patched.to/Thread-shopping-%E3%80%8C-700k-%E3%80%8D%E2%9A%A1-onedrive-%E2%9A%A1-100-private-data-%E2%9A%A1impressive-hitrate%E2%9A%A1-2026-new%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of OneDrive combo list with 700K credentials
Category: Combo List
Content: A threat actor is offering a combo list of approximately 700,000 email:password credentials marketed for use against OneDrive, advertised as private data with a high hit rate. The post claims the list is new for 2026.
Date: 2026-05-14T20:40:00Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-700K-%E3%80%8D%E2%9A%A1-ONEDRIVE-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 775K social media combo list
Category: Combo List
Content: A threat actor is distributing a combo list claimed to contain 775,000 social media credentials, described as a private base suitable for credential stuffing. The post advertises the actors combo cloud service offering high-quality data via private lines.
Date: 2026-05-14T20:39:42Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1775k-social-media%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting USA, France, and Germany users
Category: Combo List
Content: A threat actor is offering a combo list of 625K email:password credentials sourced from users in the United States, France, and Germany. The list is advertised as a private base suitable for credential stuffing across various services. No specific victim organization is identified.
Date: 2026-05-14T20:39:36Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1625K-USA-FR-DE%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 775K social media credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 775,000 email and password pairs purportedly sourced from social media accounts. The post describes the base as private and suitable for general credential stuffing purposes.
Date: 2026-05-14T20:39:14Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1775K-SOCIAL-MEDIA%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of email and password combo lists via subscription service
Category: Combo List
Content: A threat actor operating under cool cloud is offering free and paid ULP (Username:Login:Password) combo lists with 50K lines. Free daily drops are advertised alongside a premium subscription tier ranging from $15 per week to $250 per year for higher-quality credential lines. The service is marketed for credential stuffing purposes with no specific victim organization identified.
Date: 2026-05-14T20:39:07Z
Network: openweb
Published URL: https://patched.to/Thread-cool-config-free-ulp-50k-lines-email-pass
Screenshots:
None
Threat Actors: Coolconfigcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 1 million UHQ combo list
Category: Combo List
Content: A threat actor posted a combo list marketed as UHQ containing approximately 1 million credential pairs. No additional details about the targeted service or data composition are available.
Date: 2026-05-14T20:38:50Z
Network: openweb
Published URL: https://cracked.st/Thread-1M-UHQ-COMBOLIST-BY-NUTTELA101
Screenshots:
None
Threat Actors: Nuttela
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 1 million UHQ combo list by Nuttela101
Category: Combo List
Content: A threat actor known as Nuttela101 is distributing a combo list advertised as containing 1 million UHQ (ultra-high quality) credential pairs. The content is hidden behind a login/registration wall on the forum. No specific targeted service or victim organization is identified.
Date: 2026-05-14T20:38:37Z
Network: openweb
Published URL: https://patched.to/Thread-1m-uhq-combolist-by-nuttela101
Screenshots:
None
Threat Actors: Nuttela101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Roblox combo list with 3.1 million credentials
Category: Combo List
Content: A threat actor known as Nuttela is distributing a mail:pass combo list marketed for use against Roblox accounts, containing approximately 3.1 million credential pairs. The list is shared on a public cracking forum. Roblox is the credential-stuffing target, not the breach source.
Date: 2026-05-14T20:38:27Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%903-1M%E2%AD%90-MAIL-PASS-ROBLOX-COMBOLIST-%E2%9A%A1BY-NUTTELA%E2%9A%A1
Screenshots:
None
Threat Actors: Nuttela
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 1.5 million Mail:Pass combo list
Category: Combo List
Content: A threat actor known as Nuttela101 is offering a mail:pass combo list containing 1.5 million lines, marketed as high quality. The content is paywalled and requires forum registration or login to access.
Date: 2026-05-14T20:38:12Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%901-5m%E2%AD%90-lines-high-quality-mail-pass-combo%E2%9A%A1by-nuttela%E2%9A%A1
Screenshots:
None
Threat Actors: Nuttela101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A forum user shared a combo list of 500 Hotmail credentials, claimed to be valid and recently checked. No additional details are available from the post content.
Date: 2026-05-14T20:38:05Z
Network: openweb
Published URL: https://cracked.st/Thread-500-hotmail-valid-just-checked
Screenshots:
None
Threat Actors: RogenPlay
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 2.5 million email and password combo list targeting social media
Category: Combo List
Content: A threat actor known as Nuttela101 is distributing a combo list of 2.5 million email and password pairs purportedly targeting social media platforms. The content is gated behind registration or login on the forum. No specific breached organization is identified.
Date: 2026-05-14T20:37:37Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%902-5m%E2%AD%90-mail-pass-social-media-%E2%9A%A1by-nuttela%E2%9A%A1
Screenshots:
None
Threat Actors: Nuttela101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of Institutional Trading Course on Cracking Forum
Category: Services
Content: A user on a cracking forum shared download links for a premium institutional/Smart Money Concepts (SMC) trading course. The post describes educational content covering institutional trading strategies, liquidity analysis, and market structure techniques. The content appears to be pirated or otherwise illicitly distributed trading education material.
Date: 2026-05-14T20:37:00Z
Network: openweb
Published URL: https://nulledbb.com/thread-Trade-Entries-Starter-Guide
Screenshots:
None
Threat Actors: ZamanX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting orange.fr users
Category: Combo List
Content: A threat actor shared a combo list of approximately 5,000 email:password credentials associated with orange.fr accounts via an external paste site. The post is categorized as a combo list and does not constitute a breach of Oranges infrastructure.
Date: 2026-05-14T20:36:37Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-5k-orange-fr-PRIVATE
Screenshots:
None
Threat Actors: COYYT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 11K mixed mail access combo list
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 11,000 mixed email and password credential pairs. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-14T20:36:11Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-11K-MIXED-MAIL-ACCESS-GOODS
Screenshots:
None
Threat Actors: StrawHatBase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged macOS Kernel Vulnerabilities Exploited via AI-Assisted Research
Category: Vulnerability
Content: Researchers allegedly discovered two serious macOS vulnerabilities and developed a working exploit using neural network analysis. The exploit reportedly grants access to device memory and kernel, enabling arbitrary code execution.
Date: 2026-05-14T20:17:10Z
Network: telegram
Published URL: https://t.me/c/1397463379/11302
Screenshots:
None
Threat Actors: Mythos
Victim Country: Unknown
Victim Industry: Technology/Software
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting cryptocurrency services with 697K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 697,000 email and password pairs marketed for use against cryptocurrency platforms. The post claims the credentials are private data with a high hit rate. The dataset is advertised as new for 2026.
Date: 2026-05-14T20:05:33Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-697K-%E3%80%8D%E2%9A%A1-CRYPTO-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cryptocurrency combo list with 697K credentials
Category: Combo List
Content: A threat actor operating under the alias MetaCloud3 is offering a combo list of approximately 697,000 credentials purportedly targeted at cryptocurrency platforms. The post markets the data as private and claims an impressive hit rate, suggesting the credentials have been tested. The actor also advertises an ongoing combo cloud service with access to additional data.
Date: 2026-05-14T20:05:25Z
Network: openweb
Published URL: https://patched.to/Thread-%E3%80%8C-697k-%E3%80%8D%E2%9A%A1-crypto-%E2%9A%A1-100-private-data-%E2%9A%A1impressive-hitrate%E2%9A%A1-2026-new%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 506K email access combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 506,000 email and password pairs, advertised as a private base suitable for credential stuffing against various services. The post claims the data is sponsored by the authors own brand, MetaCloud.
Date: 2026-05-14T20:05:09Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1506K-MAIL-ACCESS%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Spotify combo list of 571K credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 571,000 credentials marketed as a private base suitable for credential stuffing against Spotify and other services. The post is authored by MetaCloud3 and the content is gated behind registration or login. The actor advertises an ongoing combo cloud service offering high-quality data.
Date: 2026-05-14T20:04:52Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%A1571k-spotify%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Spotify combo list containing 571K credentials
Category: Combo List
Content: A threat actor is offering a combo list of 571,000 email:password pairs marketed as a private base suitable for credential stuffing against Spotify. The post advertises the dataset as private and claims it is usable for multiple purposes.
Date: 2026-05-14T20:04:46Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1571K-SPOTIFY%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Reddit distributed on cracking forum
Category: Combo List
Content: A threat actor on a cracking forum is distributing a combo list of approximately 554,000 email:password credentials marketed for use against Reddit, advertised as private data with a high hit rate. Reddit is the credential-stuffing target, not the breach source. No further technical details are provided in the post.
Date: 2026-05-14T20:04:23Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-554K-%E3%80%8D%E2%9A%A1-REDDIT-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of PayPal USA combo list with 795K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 795,000 credentials marketed as targeting PayPal USA accounts, advertised with a high hit rate and described as private data. The post is associated with a combo cloud service offering credential lists. PayPal is the credential-stuffing target, not the breach victim.
Date: 2026-05-14T20:04:17Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E3%80%8C-795k-%E3%80%8D%E2%9A%A1-paypal-usa-%E2%9A%A1-100-private-data-%E2%9A%A1impressive-hitrate%E2%9A%A1-2026-new%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
PayPal USA combo list with 795K credentials
Category: Combo List
Content: A threat actor on a cracking forum is distributing a combo list of approximately 795,000 email:password credentials marketed for use against PayPal US accounts. The post claims the data is private and advertises an impressive hit rate, suggesting the credentials have been tested. PayPal is the credential-stuffing target, not the breach source.
Date: 2026-05-14T20:03:59Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-795K-%E3%80%8D%E2%9A%A1-PAYPAL-USA-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Revolut distributed on forum
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 599,000 credentials marketed as usable against Revolut accounts. The post describes the data as a private base and is associated with a combo cloud service offering high-quality data and private lines.
Date: 2026-05-14T20:03:46Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%A1599k-revolut%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting Revolut with 599K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 599,000 email:password pairs marketed as a private base suitable for credential stuffing against Revolut. The post advertises the list as effective for multiple use cases. No breach of Revolut is claimed; the named service is a credential-stuffing target only.
Date: 2026-05-14T20:03:26Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1599K-REVOLUT%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Facebook Ads marketed as 671K private credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 671,000 credentials marketed for use against Facebook Ads, claimed to be private data with a high hit rate. The post is affiliated with a service advertised as a combo cloud offering high-quality data and private lines.
Date: 2026-05-14T20:03:15Z
Network: openweb
Published URL: https://patched.to/Thread-shopping-%E3%80%8C-671k-%E3%80%8D%E2%9A%A1-facebook-ads-%E2%9A%A1-100-private-data-%E2%9A%A1impressive-hitrate%E2%9A%A1-2026-new%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Facebook Ads distributed with claimed 671K credentials
Category: Combo List
Content: A threat actor operating as MetaCloud3 is distributing a combo list of approximately 671,000 email and password pairs marketed for use against Facebook Ads accounts. The post claims the credentials are private and fresh for 2026 with a high hit rate.
Date: 2026-05-14T20:02:56Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-671K-%E3%80%8D%E2%9A%A1-FACEBOOK-ADS-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 760K shopping combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 760,000 credentials marketed as a private base suitable for shopping-related credential stuffing. The post advertises the list as part of an ongoing combo cloud service offering high-quality private data.
Date: 2026-05-14T20:02:42Z
Network: openweb
Published URL: https://patched.to/Thread-shopping-%E2%9A%A1760k-shopping%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Office365 combo list with 778K credentials
Category: Combo List
Content: A threat actor on a cracking forum is distributing a combo list of approximately 778,000 email:password credentials marketed for use against Office365. The post claims a high hit rate and describes the data as private and new for 2026.
Date: 2026-05-14T20:02:30Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-778K-%E3%80%8D%E2%9A%A1-OFFICE365-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Office365 combo list with 778K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 778,000 credentials marketed for use against Office365, described as private data with a high hit rate. The post is associated with a combo cloud service offering affordable access to credential data.
Date: 2026-05-14T20:02:11Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E3%80%8C-778k-%E3%80%8D%E2%9A%A1-office365-%E2%9A%A1-100-private-data-%E2%9A%A1impressive-hitrate%E2%9A%A1-2026-new%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of DoorDash credential combo list with 736K records
Category: Combo List
Content: A threat actor is distributing a combo list of 736K email:password credentials marketed as a private base suitable for use against DoorDash. The post advertises the list as usable for various credential stuffing purposes.
Date: 2026-05-14T20:01:59Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1736K-DOORDASH%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
DoorDash combo list freely shared on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 736,000 credentials marketed as a private base usable against DoorDash. The post is hosted behind a registration wall and promotes the authors combo cloud service. DoorDash is the credential-stuffing target, not the breach source.
Date: 2026-05-14T20:01:39Z
Network: openweb
Published URL: https://patched.to/Thread-food-%E2%9A%A1736k-doordash%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Outlook and Hotmail accounts
Category: Combo List
Content: A threat actor shared a combo list of 2,200 credentials marketed for Outlook and Hotmail accounts on a public forum. The content is gated behind registration or login.
Date: 2026-05-14T20:01:09Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2-200-good-combo-logs-outlook-hotmail
Screenshots:
None
Threat Actors: cloudkaraoke
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A forum user is sharing a combo list targeting Hotmail accounts as hidden content accessible to registered members. No further details about record count or data composition are visible in the post.
Date: 2026-05-14T20:00:43Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%AD%90%EF%B8%8FHOTMAIL-ACCESS%E2%AD%90%EF%B8%8F–20622
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Hotmail accounts shared on forum
Category: Combo List
Content: A forum user shared a combo list advertised as Hotmail account credentials. The content is hidden behind a registration/login wall, limiting visibility into the volume or nature of the data. No additional details about origin or record count are available.
Date: 2026-05-14T20:00:39Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%AD%90%EF%B8%8Fhotmail-access%E2%AD%90%EF%B8%8F-302393
Screenshots:
None
Threat Actors: MailCL0ud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting German email services
Category: Combo List
Content: A threat actor is distributing a combo list advertised as German email access credentials on a cybercrime forum. The content is hidden behind a registration or login requirement. No further details on record count or specific email providers are available from the post.
Date: 2026-05-14T20:00:21Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%AD%90%EF%B8%8FDE-MAIL-ACCESS%E2%AD%90%EF%B8%8F–20623
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
USA mail access combo list shared on leak forum
Category: Combo List
Content: A threat actor shared a combo list advertised as USA mail access credentials on a leak forum. The content is hidden behind a registration or login gate, limiting visibility into record count or specific mail providers targeted. No further details are available from the post.
Date: 2026-05-14T19:59:57Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%AD%90%EF%B8%8FUSA-MAIL-ACCESS%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Multi-Country Mixed Mail Access
Category: Combo List
Content: A threat actor is sharing a multi-country mixed mail access combo list on a leak forum. The content is hidden behind a registration or login requirement. No further details regarding record count or targeted services are available from the post.
Date: 2026-05-14T19:59:35Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-All-Countries-Mix-Mail-Access-Vault
Screenshots:
None
Threat Actors: RyuuLord
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list shared by threat actor f1veu
Category: Combo List
Content: A threat actor operating under the handle f1veu shared a mixed combo list on a cracking forum. The post contains minimal detail beyond a download reference and author tag. No specific target organization, record count, or data fields were disclosed.
Date: 2026-05-14T19:56:30Z
Network: openweb
Published URL: https://crackingx.com/threads/75278/
Screenshots:
None
Threat Actors: f1veu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mix combo list by threat actor s2lender
Category: Combo List
Content: A threat actor operating as s2lender is offering a high-quality mixed combo list containing approximately 23,290 credential pairs. The listing advertises daily supply of 4,000–12,000 fresh credentials described as untouched and optimized for credential stuffing. Access is marketed as private and exclusive to members.
Date: 2026-05-14T19:56:13Z
Network: openweb
Published URL: https://crackingx.com/threads/75279/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Germany combo list distributed by D4rkNetHub
Category: Combo List
Content: A threat actor known as D4rkNetHub shared a combo list purportedly containing 12,568 credentials associated with Germany. The post is gated behind forum registration and references an external image host, suggesting the list is available to registered members.
Date: 2026-05-14T19:55:54Z
Network: openweb
Published URL: https://crackingx.com/threads/75280/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List shared by threat actor f1veu
Category: Combo List
Content: A threat actor operating under the handle f1veu shared a mixed combo list on a cracking forum. The post contains minimal detail beyond a download reference and author tag. No specific victim organization, record count, or data fields were disclosed.
Date: 2026-05-14T19:55:35Z
Network: openweb
Published URL: https://crackingx.com/threads/75281/
Screenshots:
None
Threat Actors: f1veu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of 5,950 stealer logs
Category: Combo List
Content: A threat actor shared a collection of 5,950 stealer logs via a Pixeldrain link, marketed as fresh and dated 14 May. The logs were made available at no cost on a cracking forum.
Date: 2026-05-14T19:55:17Z
Network: openweb
Published URL: https://crackingx.com/threads/75282/
Screenshots:
None
Threat Actors: NEW_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of US employee W2 tax documents from CPA firm
Category: Data Leak
Content: A threat actor claims to have leaked approximately 4GB of W2 tax documents belonging to US employees, allegedly extracted from a CPA firms mailbox. The data is being made available for free on the forum. The specific CPA organization has not been identified.
Date: 2026-05-14T19:51:03Z
Network: openweb
Published URL: https://xforums.st/threads/leaked-4gb-w2-of-us-employees-from-cpa.613836/
Screenshots:
None
Threat Actors: oyondo
Victim Country: United States
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Russian Educational Institution by YamiFool (TRASER SEC TEAM)
Category: Defacement
Content: On May 15, 2026, a threat actor known as YamiFool, operating under the group TRASER SEC TEAM, defaced a page on the Russian educational website dou-shkola.ru. The incident targeted a specific subpage (alva.html) rather than the homepage, indicating a targeted single-page defacement. No specific motive or proof of concept was disclosed alongside the attack.
Date: 2026-05-14T19:47:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922412
Screenshots:
None
Threat Actors: YamiFool, TRASER SEC TEAM
Victim Country: Russia
Victim Industry: Education
Victim Organization: Dou Shkola (Kindergarten/School)
Victim Site: dou-shkola.ru
Website Defacement of Russian Educational Institution by YamiFool (TRASER SEC TEAM)
Category: Defacement
Content: On May 15, 2026, threat actor YamiFool operating under TRASER SEC TEAM defaced a specific page on dou-shkola.ru, a Russian educational institution website. The attack targeted a single page (alva.html) on a Linux-based server and was not classified as a mass or home page defacement. The incident was archived via haxor.id, a known defacement mirror service.
Date: 2026-05-14T19:44:58Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249226
Screenshots:
None
Threat Actors: YamiFool, TRASER SEC TEAM
Victim Country: Russia
Victim Industry: Education
Victim Organization: DOU Shkola (Preschool/School Educational Institution)
Victim Site: dou-shkola.ru
Alleged data leak of Indonesian information portal
Category: Data Leak
Content: A forum post on Breached references a database allegedly associated with an Indonesian information portal. No content was available to determine the nature, scope, or authenticity of the data. Details remain unverified.
Date: 2026-05-14T19:38:19Z
Network: openweb
Published URL: https://breached.st/threads/portal-informasi-indonesia.87116/unread
Screenshots:
None
Threat Actors: CatNatXploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged defacement of Indonesia.go.id by Brotherhood Capung Indonesia
Category: Defacement
Content: Brotherhood Capung Indonesia (BCI) claims to have compromised and leaked content from the Indonesian government portal (indonesia.go.id). The post includes a forwarded message with photo evidence and uses hashtags indicating a portal information leak.
Date: 2026-05-14T19:31:36Z
Network: telegram
Published URL: https://t.me/brotheroodbci/119
Screenshots:
None
Threat Actors: Brotherhood Capung Indonesia
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian Government
Victim Site: indonesia.go.id
Sale of Germany combo list with 3,348 email:password pairs
Category: Combo List
Content: A threat actor shared a combo list containing 3,348 German email and password pairs, marketed as fresh and valid. The credentials were made available via an external paste link on a public forum.
Date: 2026-05-14T19:25:17Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Germany-Daily-Fresh-3348-Mix-Valid-mtbcloud
Screenshots:
None
Threat Actors: MTB_cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Polish email combo list with 637 credentials
Category: Combo List
Content: A threat actor shared a combo list of 637 email:password credentials targeting Polish mail accounts, marketed as fresh. The list was distributed via an external paste link.
Date: 2026-05-14T19:24:56Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Poland-Mix-Mailaccess-637-Mix-Fresh-mtbcloud
Screenshots:
None
Threat Actors: MTB_cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of German corporate combo list with 3,348 credential pairs
Category: Combo List
Content: A threat actor is offering a combo list of 3,348 email and password pairs purportedly belonging to German corporate accounts. The credentials are marketed as premium access. No specific breached organization is identified.
Date: 2026-05-14T19:24:37Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Germany-Corporate-3348-Access-Premium-mtbcloud
Screenshots:
None
Threat Actors: MTB_cloud
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email:password combo list
Category: Combo List
Content: A threat actor shared a mixed email:password combo list via an external paste link. The credentials are marketed as valid and fresh. No specific victim organization or breach source is identified.
Date: 2026-05-14T19:24:16Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Mix-Blaze-1409-Valid-Fresh-mtbcloud
Screenshots:
None
Threat Actors: MTB_cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Mixed Business Email Credentials Shared Free
Category: Combo List
Content: A threat actor shared a combo list of 1,410 mixed business email and password credentials via an external paste link. The post was made on a public cracking forum and the credentials appear to target business accounts.
Date: 2026-05-14T19:23:55Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Mix-Beast-Mode-1410-Business-mtbcloud
Screenshots:
None
Threat Actors: MTB_cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of disposable RDP service with no-log browser access for Windows and Linux
Category: Services
Content: A seller operating under the handle bubblcx is advertising a commercial disposable RDP service at bubbl.cx, offering browser-based Windows and Linux remote desktop access with no email signup, crypto payment options, and a built-in WireGuard kill switch. Plans are priced from $9 to $39 per month with servers in Frankfurt, New York, and Sydney. The service is marketed as leaving no logs or recoverable traces upon session termination.
Date: 2026-05-14T19:23:33Z
Network: openweb
Published URL: https://cracked.st/Thread-bubbl-cx-Disposable-RDP-Windows-Linux-BTC-XMR-From-9-mo
Screenshots:
None
Threat Actors: bubblcx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list of 100 credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of 100 Hotmail email credentials via an external paste link. The list is marketed as high quality. No breach of a specific organization is claimed.
Date: 2026-05-14T19:23:15Z
Network: openweb
Published URL: https://patched.to/Thread-cool-hotmail-mix-100-hq-mails-link-below
Screenshots:
None
Threat Actors: Coolconfigcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Instagram shadowban removal service offered via insider access
Category: Services
Content: A threat actor is advertising an Instagram shadowban removal service, claiming to have insider access to clear account statuses. Pricing is negotiable via private message, with a manual method also available at lower cost. Contact is facilitated through a Telegram group link.
Date: 2026-05-14T19:23:02Z
Network: openweb
Published URL: https://patched.to/Thread-v-i-p-%E2%9A%A1doing-ig-shadowban-removals-fastest-tat%E2%9A%A1
Screenshots:
None
Threat Actors: ivebtc
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list of 3,200 credentials shared by AntMarket
Category: Combo List
Content: A threat actor known as AntMarket has shared a combo list of 3,200 Hotmail credentials, marketed as fresh and private. The content is gated behind registration or login on the forum. The post is associated with a store selling streaming, VPN, and Steam accounts.
Date: 2026-05-14T19:22:50Z
Network: openweb
Published URL: https://patched.to/Thread-v-i-p-%E2%AD%903200x-uhq-hotmails-combolist-fresh-and-private-by-antmarket%E2%AD%90
Screenshots:
None
Threat Actors: AntMarket
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A user on a leak forum is distributing a combo list of approximately 1,700 Hotmail credentials, marketed as Verity Vault drops. The content is hidden behind a registration or login wall.
Date: 2026-05-14T19:22:10Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-1700x-Verity-Vault-Hotmail-Drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: Verityyyy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Verity Vault Mix Mail Drop with 2,793 credentials
Category: Combo List
Content: A threat actor is distributing a combo list marketed as Verity Vault Mix Mail Drop containing 2,793 credential pairs. The content is hidden behind a registration or login wall on the forum. No specific victim organization or targeted service is identified in the post.
Date: 2026-05-14T19:21:47Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-2793x-Verity-Vault-Mix-Mail-Drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: Verityyyy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of mixed combo list
Category: Combo List
Content: A forum user shared a mixed combo list for free download. No further details regarding the source, size, or targeted services were provided in the post.
Date: 2026-05-14T19:18:11Z
Network: openweb
Published URL: https://crackingx.com/threads/75276/
Screenshots:
None
Threat Actors: f1veu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed combo list
Category: Combo List
Content: A forum user shared a mixed combo list for download on a cracking forum. No further details regarding record count, origin, or targeted services were provided in the post.
Date: 2026-05-14T19:17:53Z
Network: openweb
Published URL: https://crackingx.com/threads/75277/
Screenshots:
None
Threat Actors: f1veu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list mix distributed on cybercrime forum
Category: Combo List
Content: A user on BreachForums shared a mixed combo list available for download. The post provides minimal detail regarding the origin, record count, or targeted services.
Date: 2026-05-14T19:06:13Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%85-mix-f1veu–188828
Screenshots:
None
Threat Actors: yonatanlevin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Nakamura Holistic Therapy
Category: Data Breach
Content: A threat actor is selling an alleged 63GB+ database belonging to Nakamura Holistic Therapy, an Indonesian holistic therapy chain operating more than 38 branches. The dataset purportedly includes personal data of employees, job applicants, and partners, internal documents, WhatsApp chat photos, and financial transfer proof photos. A sample SQL file has been made available via an external download link.
Date: 2026-05-14T19:02:43Z
Network: openweb
Published URL: https://breached.st/threads/nakamura-co-id-database.87113/unread
Screenshots:
None
Threat Actors: Kyyzo
Victim Country: Indonesia
Victim Industry: Healthcare
Victim Organization: Nakamura Holistic Therapy
Victim Site: nakamura.co.id
Alleged data breach of Nuvidio — KYC documents, biometrics, credentials, and private keys offered for sale
Category: Data Breach
Content: A threat actor is selling an alleged breach of Nuvidio, a Brazilian video-based KYC and financial verification platform, for $12,000. The dataset purportedly includes 192 Brazilian citizens identity documents with biometric data, over 3 GB of customer video call recordings from multiple financial institutions, SSL/mTLS private keys for Banco Pan API authentication, production credentials for 30+ cloud services, AWS infrastructure files, and deepfake detection model weights. The seller claims th
Date: 2026-05-14T19:02:10Z
Network: openweb
Published URL: https://breached.st/threads/nuvidio-kyc-biometrics-access-creds-video-agreements-private-keys-6-3gb-40k-files-12k.87115/unread
Screenshots:
None
Threat Actors: xpl0itrs
Victim Country: Brazil
Victim Industry: Finance
Victim Organization: Nuvidio
Victim Site: nuvidio.com
Alleged data breach of FiveM with 30 million records
Category: Data Breach
Content: A threat actor is offering an alleged database dump attributed to FiveM, a popular GTA V multiplayer modification platform, containing 30 million records. The dataset reportedly includes emails, usernames, passwords, IP addresses, Discord IDs, dates of birth, SSNs, physical addresses, and phone numbers. A free 100,000-record sample is advertised, with contact information provided for the full dataset.
Date: 2026-05-14T19:01:17Z
Network: openweb
Published URL: https://breached.st/threads/30-million-fivem-database.87114/unread
Screenshots:
None
Threat Actors: RubiconH4ck
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: FiveM
Victim Site: fivem.net
Sale of education-themed combo list with 146,362 lines
Category: Combo List
Content: A threat actor on a cracking forum is sharing a combo list containing 146,362 email:password lines targeting educational institutions. The list is described as mixed target and formatted as email:password credentials. No specific breached organization is identified.
Date: 2026-05-14T18:50:04Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-146-362-Lines-%E2%9C%85-Edu-education-Combolist-Mixed-Target
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Sale of 145K USA combo list targeting PayPal, StubHub, AMC, Facebook, and other services
Category: Combo List
Content: A threat actor is offering a private combo list of approximately 145,000 US-based credentials, marketed as effective for credential stuffing against PayPal, StubHub, AMC, Facebook, and other services. The actual content is hidden behind a registration/login gate. No breach of any specific organization is claimed.
Date: 2026-05-14T18:49:41Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-145k-usa-private-base-good-on-paypal-stubhub-amc-facebook-and-many-more
Screenshots:
None
Threat Actors: WhyHappy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Express VPN PC Keys in bulk
Category: Services
Content: A forum user is selling ExpressVPN PC license keys at $1 per key, with bulk discounts available. The seller directs buyers to contact via Telegram.
Date: 2026-05-14T18:49:35Z
Network: openweb
Published URL: https://cracked.st/Thread-Selling-Express-VPN-PC-Keys-whole-sale
Screenshots:
None
Threat Actors: rehankhan
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 177K USA combo list tested on PayPal, StubHub, AMC, and Facebook
Category: Combo List
Content: A threat actor is sharing a private combo list of approximately 177,000 US-based credentials, marketed as effective for credential stuffing against PayPal, StubHub, AMC, Facebook, and other services. The content is gated behind registration or login on the forum.
Date: 2026-05-14T18:49:10Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-177k-usa-private-base-good-on-paypal-stubhub-amc-facebook-and-many-more
Screenshots:
None
Threat Actors: WhyHappy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
DDoS-for-hire service advertised via Telegram bot
Category: DDoS
Content: A threat actor is advertising Stressium, a DDoS-for-hire service operated via a Telegram bot (@stressiumbot). The service claims to support high-performance stress testing against targets including Cloudflare and OVH-protected infrastructure, with cryptocurrency payment options and 24/7 support. Multiple subscription plans are offered.
Date: 2026-05-14T18:49:02Z
Network: openweb
Published URL: https://cracked.st/Thread-1-STRESSIUM-TELEGRAM-BOT-IN-MARKET-EASY-TO-USE-A-LOT-OF-POWER-stressiumbot
Screenshots:
None
Threat Actors: shadscoupt
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free mixed combo list targeting gaming and shopping services
Category: Combo List
Content: A threat actor shared a mixed combo list of approximately 50,000 credential pairs via a hidden forum link. The credentials are marketed as fresh and untested, targeting gaming and shopping platforms. Access requires forum registration or login.
Date: 2026-05-14T18:48:38Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-50k-mixed-good-combolist-%E2%9C%94%EF%B8%8F-unraped-and-fresh-lines-%E2%9C%94%EF%B8%8Fgaming-shopping-fresh-mix
Screenshots:
None
Threat Actors: Matrix432
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of University of Agriculture Pakistan staff database
Category: Data Leak
Content: A threat actor using the handle FlipperOne has leaked a staff database from the University of Agriculture Faisalabad, Pakistan, shared freely on a breach forum. The dataset includes fields such as name, gender, address, phone numbers, email addresses, qualifications, designations, and social media links. The actor indicates a Part II release containing student information in the same format is forthcoming.
Date: 2026-05-14T18:36:21Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%C2%A9-2026-University-of-Agriculture-Pakistan-Staff-Database-PART-1
Screenshots:
None
Threat Actors: Flipperone
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: University of Agriculture Faisalabad
Victim Site: uaf.edu.pk
Alleged data breach of Indonesian Ministry of Agriculture
Category: Data Breach
Content: A threat actor operating under the alias Kyyzo is offering for sale a claimed 243GB database from the Indonesian Ministry of Agriculture (pertanian.go.id), described as still being actively exfiltrated. The data allegedly includes institutional records, company data, internal documents, and employee data. The actor is demanding a $10,000 ransom to prevent public release of the data via their Telegram channel, and has shared sample SQL insert statements as proof.
Date: 2026-05-14T18:29:43Z
Network: openweb
Published URL: https://breached.st/threads/indonesian-ministry-of-agriculture-database-243gb.87112/unread
Screenshots:
None
Threat Actors: Kyyzo
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian Ministry of Agriculture
Victim Site: pertanian.go.id
Sale of META Stealer logs from Spain
Category: Logs
Content: A threat actor is sharing 500 META Stealer logs originating from Spain, collected from Windows 10 Pro systems via Chrome 122.x. The logs include credentials, cookies, and crypto wallet data. Content is gated behind forum replies or account upgrades.
Date: 2026-05-14T18:25:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-URL-LOGIN-PASS-META-Stealer-500-logs-ES
Screenshots:
None
Threat Actors: BigTuna
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of 50,000+ passport and ID card records from Burkina Faso
Category: Data Leak
Content: A threat actor has leaked over 50,000 scanned passport and national ID card records attributed to Burkina Faso citizens. The dataset, totaling approximately 32 GB in PDF format, contains full PII and is being distributed freely via file-sharing links. A sample of 10 passports and 20 ID cards is offered for verification.
Date: 2026-05-14T18:22:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-Fresh-2025-2026-50k-passport-ID-card-records
Screenshots:
None
Threat Actors: smiro662
Victim Country: Burkina Faso
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of union-prof-asso.fr
Category: Data Leak
Content: A threat actor using the handle ChimeraZ has leaked an alleged database dump from union-prof-asso.fr, a French professional union and association platform. The dataset contains approximately 11,000 records in JSON format totaling 8.6 MB, including document names and download metadata with names and academic email addresses. The data has been made available via multiple file-sharing links.
Date: 2026-05-14T18:21:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FR-11K-Union-prof-asso-fr
Screenshots:
None
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Education
Victim Organization: Union-prof-asso.fr
Victim Site: union-prof-asso.fr
Alleged data leak of Collège de France
Category: Data Leak
Content: A threat actor has freely leaked a database purportedly belonging to college-de-france.fr and scripta.college-de-france.fr. The dataset, totaling approximately 835 MB in JSON and PDF formats, contains personal data including names, email addresses, mobile numbers, institutional affiliations, and office locations. Sample records show entries associated with faculty and researchers at the Collège de France.
Date: 2026-05-14T18:21:14Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FR-1-6K-College-de-france-fr
Screenshots:
None
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Education
Victim Organization: Collège de France
Victim Site: college-de-france.fr
Combo List distribution via Telegram channel
Category: Combo List
Content: A user on Cracked.st shared a ULP (URL:Login:Password) combo list dated May 13, 2026, directing recipients to a Telegram channel for access. No additional details regarding the source, record count, or targeted services were provided.
Date: 2026-05-14T18:15:01Z
Network: openweb
Published URL: https://cracked.st/Thread-ULP-TXT-LOG-13-05-26
Screenshots:
None
Threat Actors: ULPTXT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 196,829 credentials
Category: Combo List
Content: A combo list containing approximately 196,829 email and password pairs targeting Hotmail accounts across .com, .fr, and .es domains was shared on a cracking forum. The list is marketed as a social target combolist, likely intended for credential stuffing attacks.
Date: 2026-05-14T18:14:28Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-196-829-hotmail-com-fr-es-Social-Target-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mixed Mail Access Combo List
Category: Combo List
Content: A threat actor is distributing a combo list advertised as mixed mail access credentials, marketed as private and fresh. The content is hidden behind a registration or login requirement on the forum. No record count or targeted service details are specified in the visible post.
Date: 2026-05-14T18:14:14Z
Network: openweb
Published URL: https://patched.to/Thread-mixed-%E2%9A%A1mail-access-full-private-fresh-302366
Screenshots:
None
Threat Actors: itswolfx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list marketed as high-quality hits
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 8,000 Hotmail credentials marketed as high-quality hits. The content is hidden behind a registration/login wall on the forum. Hotmail is the credential-stuffing target, not the breach source.
Date: 2026-05-14T18:13:42Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-8k-hq-hotmail-hit-%E2%9C%85-302370
Screenshots:
None
Threat Actors: RetroCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged WordPress credentials or database dump
Category: Combo List
Content: A forum user shared a post in the Combolists & Dumps section referencing WordPress credentials or data, directing users to a Telegram channel for access. The actual content is hidden behind a login wall, limiting visibility into the scope or nature of the data.
Date: 2026-05-14T18:12:16Z
Network: openweb
Published URL: https://crackingx.com/threads/75270/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of USA combo list on cracking forum
Category: Combo List
Content: A forum user on CrackingX shared a USA-based combo list, designated X9779, in the Combolists & Dumps section. The content is hidden behind a registration requirement, limiting visibility into the datasets scope or origin.
Date: 2026-05-14T18:11:56Z
Network: openweb
Published URL: https://crackingx.com/threads/75274/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 708K URL-login-password credentials shared on cracking forum
Category: Combo List
Content: A combo list containing approximately 708,000 URL-login-password credential pairs was shared on a cracking forum. The content is accessible to registered users. No specific victim organization or targeted service is identified in the post.
Date: 2026-05-14T18:11:36Z
Network: openweb
Published URL: https://crackingx.com/threads/75275/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of initial access to undisclosed Argentinian trade company mail system
Category: Initial Access
Content: A threat actor is offering for sale access to the headquarters operations email of an undisclosed large international and national trade company based in Argentina. The seller claims to provide proof upon request via private message. No further details about the organization or access method have been disclosed.
Date: 2026-05-14T18:06:19Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-ARGENTINIAN-HQ-MAIL-ACCESS
Screenshots:
None
Threat Actors: allanado
Victim Country: Argentina
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Sale of Bitcoin wallet cracking and credential logging tool
Category: Malware
Content: A threat actor is distributing a tool called Bitcoin_Finder_Tool advertised as a cryptocurrency wallet cracker. The tool allegedly scans for wallets with non-zero balances and logs wallet credentials to a local folder upon discovery. The post includes installation instructions and download links.
Date: 2026-05-14T17:57:24Z
Network: openweb
Published URL: https://xforums.st/threads/bitcoin_finder_tool-main-installation.613832/
Screenshots:
None
Threat Actors: russianking007
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of BIP39 Phrase Explorer Tool on Underground Forum
Category: Malware
Content: A forum post by user russianking007 references a tool titled BIP39-Phrase-Explorer-main, likely a cryptocurrency seed phrase brute-forcing or exploration utility, posted in the stealer section of an underground forum. No additional content was available in the post. Based on the thread title and forum category, the tool may be designed to compromise cryptocurrency wallets via BIP39 mnemonic phrases.
Date: 2026-05-14T17:56:32Z
Network: openweb
Published URL: https://xforums.st/threads/bip39-phrase-explorer-main.613833/
Screenshots:
None
Threat Actors: russianking007
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Guatemala Ministry of Finance RGAE system
Category: Data Breach
Content: A threat actor claims to have compromised the RGAE system of Guatemalas Ministry of Finance by exploiting IDOR/BOLA vulnerabilities and unsecured APIs, bypassing Cloudflare and WAF protections via traffic simulation. Approximately 130,000 registration records (2020–2026) containing ID, NIT, CUI, name, address, phone, email, and organization type were extracted, along with 235,000 PDFs (324.5GB) including university degrees, tax documents, notarial acts, bank certifications, and scanned national
Date: 2026-05-14T17:44:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-RGAE-Database-2026-Guatemala-Ministry-of-Finance-130k-Records-235k-PDFs
Screenshots:
None
Threat Actors: GordonFreeman
Victim Country: Guatemala
Victim Industry: Government
Victim Organization: Guatemala Ministry of Finance
Victim Site: sistema.rgae.gob.gt
Forum inquiry on combo list creation methods
Category: Alert
Content: A forum user posted a question asking how to learn to create combo lists. No specific target, data, or threat activity was described in the post.
Date: 2026-05-14T17:37:24Z
Network: openweb
Published URL: https://cracked.st/Thread-How-to-learn-Combos
Screenshots:
None
Threat Actors: SwissC90
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of email combo list with mix mail access
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 686X email and password credentials described as fully valid mixed mail access, dated 14.05. The list appears to target multiple email providers and is marketed as fresh and fully valid.
Date: 2026-05-14T17:37:03Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-686X-Full-Valid-Mix-Mail-Access-14-05
Screenshots:
None
Threat Actors: MonoCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 2,328 email credentials for EU and US mail access
Category: Combo List
Content: A threat actor shared a combo list of 2,328 email credentials targeting mail accounts across the United States, France, Germany, and Italy. The list is marketed for mail access and distributed freely on the forum.
Date: 2026-05-14T17:36:45Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-2-328-GOOD-COMBO-MAIL-ACCESS-EU-USA-FR-DE-IT
Screenshots:
None
Threat Actors: kccloud01
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list with 1,250 valid accounts
Category: Combo List
Content: A threat actor is distributing a combo list of 1,250 allegedly valid Hotmail credentials, dated 13 May 2026. The content is gated behind forum registration or login. No breach of Microsoft or Hotmail infrastructure is implied; these credentials are likely sourced from credential stuffing or prior breaches.
Date: 2026-05-14T17:36:26Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%A6%A01250-hotmail-valid-access-13-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
IPTV subscription service offered on cracking forum
Category: Services
Content: A forum user is advertising a commercial IPTV subscription service offering 20,000+ live TV channels and 80,000+ VOD titles in Full HD and 4K. Pricing ranges from $3.50 per month to $23 per year, with instant activation and 24/7 support claimed. The service appears to be an unauthorized redistribution of broadcast content sold to forum members.
Date: 2026-05-14T17:36:09Z
Network: openweb
Published URL: https://cracked.st/Thread-Reliable-IPTV-Full-HD-4K-VOD-Catch-up-Starting-at-3-5-month
Screenshots:
None
Threat Actors: Trixy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A forum user shared a combo list containing 700 Hotmail credentials, marketed as fresh. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-14T17:35:55Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-700x-fresh-hotmail-%E2%9A%A1%E2%9A%A1-302355
Screenshots:
None
Threat Actors: Pirate999
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email access combo list with 23,000 credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 23,000 mixed email account credentials on a dark web forum. The content is hidden behind a registration or login requirement. No specific victim organization or targeted service is identified.
Date: 2026-05-14T17:35:22Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-23K-FRESH-MAIL-ACCESS-MIX
Screenshots:
None
Threat Actors: AlphaCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Comcast-targeted combo list with 127K credentials
Category: Combo List
Content: A threat actor is distributing and selling a combo list of approximately 127,000 credentials targeted at Comcast users. The post advertises email:password and user:password combo lists spanning multiple regions including USA, UK, France, Germany, and others. The actor promotes additional combo list sales via Telegram.
Date: 2026-05-14T17:34:59Z
Network: openweb
Published URL: https://demonforums.net/Thread-127K-COMCAST-TARGETED-COMBOLIST–204044
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fresh mix combo list with 105,292 lines
Category: Combo List
Content: A threat actor on DemonForums is distributing a mixed email:password combo list containing 105,292 lines, marketed as fresh. The content is gated behind registration or login. The actor also promotes a Telegram channel for additional data sharing.
Date: 2026-05-14T17:34:35Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-105-292-Lines-Fresh-Mix-Combolist
Screenshots:
None
Threat Actors: stormtrooper
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed mail access combo list with 35,000 credentials
Category: Combo List
Content: A threat actor is sharing a mixed mail access combo list containing approximately 35,000 email and password pairs. The content is hidden behind a forum registration or login wall. No specific breached organization is identified.
Date: 2026-05-14T17:34:11Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-35K-MIXED-MAIL-ACCESS-GOODS
Screenshots:
None
Threat Actors: StrawHatBase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cryptocurrency seed phrase extraction and auditing tool
Category: Malware
Content: A threat actor is advertising a tool called SeedVault Integrity Sentinel framed as a cryptographic seed phrase auditor. The tool appears designed to extract or validate cryptocurrency wallet mnemonic recovery phrases, likely functioning as a crypto-stealing utility targeting digital asset holders. The post directs prospective buyers to external contact channels for purchase.
Date: 2026-05-14T17:29:30Z
Network: openweb
Published URL: https://xforums.st/threads/cryptonomic-seed-vault-integrity-auditor.613830/
Screenshots:
None
Threat Actors: russianking007
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale or Distribution of BTC Recovery Assistant Malware Tool
Category: Malware
Content: A forum post titled BTC-Recovery-Assistant-main was shared in a malware discussion forum by user russianking007. Based on the thread title, the post likely involves a tool marketed as a Bitcoin recovery assistant, which may function as malware targeting cryptocurrency users. No content was available for further analysis.
Date: 2026-05-14T17:28:55Z
Network: openweb
Published URL: https://xforums.st/threads/btc-recovery-assistant-main.613831/
Screenshots:
None
Threat Actors: russianking007
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged Instagram private account viewing method
Category: Services
Content: A threat actor is selling an alleged method for viewing private Instagram accounts for $500, accepting cryptocurrency payments only. The seller claims the method is fully functional and limits sales to two buyers. No technical details are provided.
Date: 2026-05-14T17:21:26Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Instagram-Private-Account-Viewing-Metods-100
Screenshots:
None
Threat Actors: Darkode1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 17K Hotmail Italy Email/Password Credentials
Category: Combo List
Content: A threat actor shared a combo list containing approximately 17,000 Hotmail Italy (.it) email and password pairs on a cybercrime forum. The content is gated behind registration or login. No specific breach source is attributed.
Date: 2026-05-14T17:16:24Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-it-17K-Email-Pass–188817
Screenshots:
None
Threat Actors: hansa__
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 18,000 Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list containing 18,000 Hotmail email and password pairs on a cybercrime forum. The content is gated behind registration or login. This list is likely intended for credential stuffing against Hotmail or other services.
Date: 2026-05-14T17:14:48Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-18K-Email-Pass
Screenshots:
None
Threat Actors: hansa__
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed mail credential hits including Hotmail
Category: Combo List
Content: A threat actor is distributing a combo list of 3,469 mixed email credentials, including Hotmail accounts, marketed as valid hits. The post references private cloud storage and directs interested parties to a Telegram contact for download.
Date: 2026-05-14T17:12:38Z
Network: openweb
Published URL: https://crackingx.com/threads/75264/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list by threat actor s2lender
Category: Combo List
Content: Threat actor s2lender is offering a Hotmail combo list advertised as high-quality and freshly sourced, with a claimed daily supply of 4,000 to 12,000 credentials. The listing emphasizes private, encrypted access through a members-only network and markets the credentials as optimized for credential stuffing.
Date: 2026-05-14T17:12:19Z
Network: openweb
Published URL: https://crackingx.com/threads/75265/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of compromised PayPal accounts with balances
Category: Carding
Content: A threat actor is selling verified PayPal accounts with balances ranging from $2,000 to $10,000, priced between $150 and $600. Each account includes the associated email address, PayPal password, and SOCKS proxy IP. The accounts are advertised as suitable for shopping and instant transfers.
Date: 2026-05-14T17:11:02Z
Network: openweb
Published URL: https://breached.st/threads/verified-paypal-account-with-funds-instant-paypal-transfer-100-legit.87110/unread
Screenshots:
None
Threat Actors: theblackops
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: paypal.com
Free distribution of stealer logs and ULP credential data
Category: Logs
Content: A threat actor is distributing stealer logs and URL:Login:Password (ULP) credential data via file-sharing links on a dark web forum. The content is password-protected and made available for free. No specific victim organization or country is identified.
Date: 2026-05-14T17:06:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-%E2%AD%90%E2%AD%90%E2%AD%90-STEALER-LOGS-AND-U-L-P-14-05-2026
Screenshots:
None
Threat Actors: watercloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged critical vulnerability disclosure in juritravail website by LunarisSec
Category: Vulnerability
Content: LunarisSec, a threat actor group based in Algeria, claims to have discovered a critical security flaw in the official website of juritravail (French labor law resource). The group states they reported the vulnerability and indicates intent to take further action, framing it as assistance to France due to high cyberattack prevalence. Group provides X/Twitter link for verification.
Date: 2026-05-14T17:04:27Z
Network: telegram
Published URL: https://t.me/c/3733257070/58
Screenshots:
None
Threat Actors: LunarisSec
Victim Country: France
Victim Industry: Legal/Labor Information Services
Victim Organization: juritravail
Victim Site: juritravail.com
Alleged defacement and compromise of multiple Chilean websites by Pharaohs Team
Category: Defacement
Content: Pharaohs Team has claimed compromise of 9 Chilean websites including narbus.cl, zosepcar.cl, decorachic.cl, sombrerosdelpiano.cl, brega.cl, cptln.cl, destinopatagonia.cl, ingmataquito.cl, and winetravelchile.co/com. Domains marked as #S0LD indicating potential sale or defacement of compromised assets.
Date: 2026-05-14T16:59:04Z
Network: telegram
Published URL: https://t.me/Pharaoh_e/20
Screenshots:
None
Threat Actors: Pharaohs Team
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: narbus.cl, zosepcar.cl, decorachic.cl, sombrerosdelpiano.cl, brega.cl, cptln.cl, destinopatagonia.cl, ingmataquito.cl, winetravelchile.co
Combo List targeting German social and shopping platforms
Category: Combo List
Content: A threat actor shared a combo list containing 693,194 email:password lines reportedly targeting German social media and shopping platforms. The credentials are marketed as high-quality. No specific breached organization is identified.
Date: 2026-05-14T16:54:40Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-693-194-Lines-%E2%9C%85-Social-and-Shopping-Target-Germany-HQ-Leaks
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:login:password combo list
Category: Combo List
Content: A forum user is freely distributing a URL:login:password combo list dated May 14, 2026, described as a new update. The poster indicates additional updates and email list uploads are contingent on community engagement.
Date: 2026-05-14T16:54:09Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-14-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-2
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:login:password combo list
Category: Combo List
Content: A threat actor on a cracking forum is distributing a URL:login:password combo list dated May 14, 2026, labeled as a new update with more updates promised. The post solicits community engagement in exchange for continued uploads including email credentials.
Date: 2026-05-14T16:53:45Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-14-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-1
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:login:password combo list
Category: Combo List
Content: A threat actor is freely distributing a URL:login:password combo list dated May 14, 2026, described as a new update (Part 3). The post indicates additional updates and email credential dumps will follow based on community engagement.
Date: 2026-05-14T16:53:24Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-14-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-3
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Claude Pro/Max account upgrades and shared access
Category: Services
Content: A threat actor is selling Claude Pro/Max account upgrades, new accounts, and shared access via an automated storefront. The seller advertises availability through a Telegram channel and Discord handle.
Date: 2026-05-14T16:53:20Z
Network: openweb
Published URL: https://cracked.st/Thread-Claude-PRO-MAX-UPGRADE-NEW-Shared
Screenshots:
None
Threat Actors: Brave_Heart
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of credential data service including combo lists, logs, configs, and checkers
Category: Services
Content: A threat actor is advertising a data service offering mail/password combinations, private logs, ULP lists, checker configs, and source code. The service includes tutorials and 24/7 support, marketed as a revenue-sharing partnership model. Access is offered via Telegram.
Date: 2026-05-14T16:52:48Z
Network: openweb
Published URL: https://cracked.st/Thread-Helping-You-Make-Money-With-My-Data
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of mixed email credential hits
Category: Combo List
Content: A threat actor on a cracking forum has freely distributed a combo list of 3,974 mixed email credentials. The post links to an external paste site hosting the credential hits, marketed as premium.
Date: 2026-05-14T16:52:12Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-3974x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F–2294746
Screenshots:
None
Threat Actors: Capsen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen CVV and credit card fullz
Category: Carding
Content: A threat actor is advertising the sale of stolen credit card fullz including card number, expiration date, CVV2, cardholder name, and billing details. Cards are claimed to be live and valid, with coverage spanning the US, UK, Canada, Australia, Japan, and China. The seller offers replacement guarantees for dead cards and caters to both individual buyers and resellers.
Date: 2026-05-14T16:48:08Z
Network: openweb
Published URL: https://altenens.is/threads/hello-everyone-we-are-looking-for-a-good-customers-to-buy-cvv-cc-and-do-business-long-term-cause-we-have-a-huge-cvv-cc-in-store-everyday-to-sell.2939913/unread
Screenshots:
None
Threat Actors: Wo2
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hacking-for-hire services advertised on cracking forum
Category: Services
Content: A threat actor operating under the alias KingSkrupeLLoS is advertising hacking-for-hire services on a cracking forum. Offered services include website breaching, database extraction, social media and email account compromise, and cryptocurrency recovery. The actor accepts cryptocurrency payments exclusively and requests target details and budget via secure messaging channels.
Date: 2026-05-14T16:44:53Z
Network: openweb
Published URL: https://crackingx.com/threads/75258/
Screenshots:
None
Threat Actors: KingSkrupeLLoS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:Login:Pass stealer log combo with 18.1 million lines
Category: Logs
Content: A threat actor shared a large collection of URL:Login:Pass credential logs containing approximately 18.155 million lines on a cybercrime forum. The content is gated behind registration or login, suggesting it is distributed freely to forum members. The data appears to be stealer log output aggregated from multiple sources.
Date: 2026-05-14T16:43:41Z
Network: openweb
Published URL: https://breachforums.rs/Thread-URL-LOGIN-PASS-Url-Log-Pass-18-155-049-M%C4%B1ll%C4%B1on-L%C4%B1nes
Screenshots:
None
Threat Actors: Marat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Request for drainer, loader, and stealer malware
Category: Malware
Content: A forum user is seeking to acquire a drainer, persistence-capable loader, and stealer malware. The post is a buyer request, not a sale offer.
Date: 2026-05-14T16:41:41Z
Network: openweb
Published URL: https://tier1.life/thread/222
Screenshots:
None
Threat Actors: $€0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of tiara.co.kr (South Korea)
Category: Data Leak
Content: A threat actor has leaked an alleged database dump from tiara.co.kr, a South Korean website. The sample data includes fields such as user IDs, plaintext passwords, national identification numbers, birthdates, phone numbers, addresses, and email addresses. The data is being made available for free via a hidden download link on a breach forum.
Date: 2026-05-14T16:38:29Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-tiara-co-kr-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: KoreanAshley
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Tiara
Victim Site: tiara.co.kr
Alleged data leak of South Korean organization kocosa.co.kr
Category: Data Leak
Content: A threat actor has made available what is claimed to be a database associated with kocosa.co.kr, a South Korean website. The data is shared freely via a hidden download link accessible to registered forum members. No further details regarding record count or data fields are provided in the post.
Date: 2026-05-14T16:38:06Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-kocosa-co-kr-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: KoreanAshley
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: kocosa.co.kr
Alleged data leak of South Korean organization hanarologis.co.kr
Category: Data Leak
Content: A threat actor has shared what is claimed to be a database belonging to hanarologis.co.kr, a South Korean organization. The data is available for download to registered forum members. No record count or data field details are provided in the post.
Date: 2026-05-14T16:36:28Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-hanarologis-co-kr%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: KoreanAshley
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Hana Rologis
Victim Site: hanarologis.co.kr
Sale of valid USA email access credentials combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1,900 claimed valid full mail access credentials, primarily targeting USA-based accounts with additional EU and corporate entries. The list is advertised as fully valid and is shared via a Telegram channel with daily updates.
Date: 2026-05-14T16:34:10Z
Network: openweb
Published URL: https://crackingx.com/threads/75253/
Screenshots:
None
Threat Actors: bigdatacombos
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed combo list with 38,000 credentials
Category: Combo List
Content: A mixed combo list containing approximately 38,000 credential pairs has been posted on a cracking forum. The content is behind a login wall and full details are not visible. No specific victim organization or service is identified.
Date: 2026-05-14T16:33:50Z
Network: openweb
Published URL: https://crackingx.com/threads/75255/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email combo list marketed as fresh and checked
Category: Combo List
Content: A threat actor is distributing a mixed email combo list described as fresh and verified. The post offers a download link with minimal detail about the source or volume of credentials.
Date: 2026-05-14T16:33:32Z
Network: openweb
Published URL: https://crackingx.com/threads/75256/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of mail access credentials and combo lists across multiple countries
Category: Initial Access
Content: Threat actor @EngineeringPhantom is offering mail access credentials, configuration files, scripts, tools, and combo lists (credential dumps) for multiple countries including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. Post includes PROOFLIVE/TESTON claims indicating live proof of access availability.
Date: 2026-05-14T16:32:43Z
Network: telegram
Published URL: https://t.me/c/2613583520/81492
Screenshots:
None
Threat Actors: EngineeringPhantom
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of tiscali.it credentials with 12K email/password pairs
Category: Combo List
Content: A combo list containing approximately 12,000 email and password pairs associated with tiscali.it accounts has been shared freely on a criminal forum. The content is hidden behind a registration or login requirement.
Date: 2026-05-14T16:32:23Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-tiscali-it-12K-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 12K email/password pairs freely shared
Category: Combo List
Content: A threat actor shared a combo list containing approximately 12,000 Hotmail email and password pairs on a cybercrime forum. The content is gated behind forum registration or login. Hotmail is the credential-stuffing target, not the breach source.
Date: 2026-05-14T16:32:01Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-12K-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of Yahoo credentials (12K)
Category: Combo List
Content: A threat actor has shared a combo list containing approximately 12,000 Yahoo email and password pairs on a public forum. The content is hidden behind a registration/login wall. This is a credential stuffing list and does not represent a breach of Yahoos infrastructure.
Date: 2026-05-14T16:30:22Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Yahoo-12K-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 13K email/password pairs
Category: Combo List
Content: A threat actor shared a combo list containing approximately 13,000 Hotmail email and password pairs on a public forum. The content is gated behind registration or login. This list is intended for credential stuffing and is not indicative of a direct breach of Hotmail or Microsoft.
Date: 2026-05-14T16:28:46Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-13K-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 14K email/password pairs shared for free
Category: Combo List
Content: A threat actor shared a combo list containing approximately 14,000 Hotmail email and password pairs on BreachForums. The content is available to registered forum members at no cost. This list is intended for credential stuffing against Hotmail/Outlook accounts.
Date: 2026-05-14T16:27:04Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-14K-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 15K Hotmail.fr Email/Password Credentials
Category: Combo List
Content: A threat actor shared a combo list containing approximately 15,000 Hotmail.fr email and password pairs on a cybercrime forum. The content is available to registered forum members at no stated cost.
Date: 2026-05-14T16:25:17Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-fr-15K-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list with 1,497 hits
Category: Combo List
Content: A threat actor is distributing a combo list of 1,497 purportedly valid Hotmail credentials. The post advertises the list as premium hits stored on a private cloud, with mixed mail formats. Contact is offered via Telegram handle alphaaxd.
Date: 2026-05-14T16:23:19Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1497x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: xdalphaa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Virgilio.it with 16K email/password pairs
Category: Combo List
Content: A combo list containing approximately 16,000 email and password pairs associated with virgilio.it accounts was shared on BreachForums. No additional details are available as the post contains no content beyond the thread title.
Date: 2026-05-14T16:21:27Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-virgilio-it-16K-Email-Pass–188812
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 16K Email/Password Credentials for Alice.it
Category: Combo List
Content: A threat actor has shared a combo list containing approximately 16,000 email and password pairs associated with Alice.it accounts. The content is hidden behind a forum registration/login wall and distributed for free.
Date: 2026-05-14T16:19:23Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Alice-it-16K-Email-Pass–188811
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free RDP/VPS acquisition method shared on forum
Category: Services
Content: A forum user is sharing a method to obtain free RDP/VPS access, gated behind a reply requirement. The post does not specify a victim or target organization. The content appears to be a service or tutorial offering rather than a breach claim.
Date: 2026-05-14T16:16:42Z
Network: openweb
Published URL: https://altenens.is/threads/check-mark-buttonexclamation-markfree-rdp-vpsexclamation-markcheck-mark-button-high-voltageget-them-for-free-high-voltagecomet2026-methodcomet.2939838/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 3,500 Fresh Hotmail Credential Hits
Category: Combo List
Content: A threat actor is distributing a combo list of 3,500 Hotmail credential hits, marketed as fresh and private. Access to the list is gated behind a forum reply requirement.
Date: 2026-05-14T16:15:49Z
Network: openweb
Published URL: https://altenens.is/threads/check-mark-buttoncheck-mark-button-3500x-fresh-private-hotmail-hits-check-mark-button-check-mark-button.2939859/unread
Screenshots:
None
Threat Actors: Angiecrax
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cloned ATM cards, stolen credit card dumps, and fraudulent payment transfers
Category: Carding
Content: A threat actor operating under the alias theblackops / ColdApollo is selling stolen credit card dumps with PINs (Track 1 & 2), cloned ATM cards with varying balances, raw CC+CVV data with fullz across multiple countries (US, UK, CA, AU, EU), and fraudulent PayPal and Western Union transfers. Prices range from $15 per card to $900 for large Western Union transfer MTCNs. Sample dump records referencing Barclays, Natixis, CIBC, and Commonwealth Bank are included as proof of stock.
Date: 2026-05-14T16:08:35Z
Network: openweb
Published URL: https://breached.st/threads/legit-paypal-transfers-verified-paypal-accounts-legit-western-union-fast-atm-cloned-cards-delivery-with-tracking.87109/unread
Screenshots:
None
Threat Actors: theblackops
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of fresh database credentials from multiple countries and e-commerce platforms
Category: Combo List
Content: Threat actor offering compromised databases and credentials from multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with access to popular e-commerce and service platforms including eBay, Amazon, Uber, PSN, Booking, Poshmark, Alibaba, Walmart, Mercari, and Kleinanzeigen. Seller claims to have private cloud infrastructure and valid webmail accounts. Offering to search for specific keywords and platforms upon request.
Date: 2026-05-14T16:05:39Z
Network: telegram
Published URL: https://t.me/c/2613583520/81464
Screenshots:
None
Threat Actors: Num
Victim Country: Unknown
Victim Industry: E-commerce, Technology, Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Combo List giveaway of free credentials
Category: Combo List
Content: A forum user is distributing free credentials in a giveaway post. No additional details about the source, volume, or targeted services are provided in the post content.
Date: 2026-05-14T16:02:21Z
Network: openweb
Published URL: https://darkforums.su/Thread-GIVEAWAY-FREEBIES-Credentials
Screenshots:
None
Threat Actors: chechnyafsbc
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Unidentified forum post with no extractable threat content
Category: Alert
Content: The forum post contains no readable content beyond exclamation marks. No threat indicators, victim information, or data claims could be extracted.
Date: 2026-05-14T16:00:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE–76470
Screenshots:
None
Threat Actors: AshleyWood2022
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cryptocurrency-related email lead databases
Category: Data Breach
Content: A threat actor is selling multiple cryptocurrency-related email lead databases, including a 231MB dataset attributed to VOREX USA and a 527K-record worldwide crypto email database. The seller is accepting offers via private message or Telegram.
Date: 2026-05-14T16:00:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-CRYPTO-LEADS-DATA-USA-AND-AROUND-THE-WORLD
Screenshots:
None
Threat Actors: OxO
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Iraq 2025-2026 census data
Category: Data Breach
Content: A threat actor is offering for sale data allegedly obtained from Iraqs 2025-2026 national census. The post includes a sample image and directs interested buyers to a Telegram contact for pricing. The breached organization and exact record count are not specified.
Date: 2026-05-14T15:59:20Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-Iraq-s-2025-2026-census-data
Screenshots:
None
Threat Actors: OxO
Victim Country: Iraq
Victim Industry: Government
Victim Organization: Iraqi Census Authority
Victim Site: Unknown
Alleged sale of valid email account access to multiple platforms (Hotmail, Yahoo, Reddit, eBay, Uber, etc.)
Category: Initial Access
Content: Threat actor offering fresh and valid compromised email account access to multiple platforms including Hotmail, Yahoo, Reddit, Grailed, Vinted, Kleinanzeigen, Walmart, Marriott, Poshmark, eBay, and Uber. Claims accounts are targeted, uncompromised quality, and available for USA, UK, CA and other regions. Soliciting direct messages for keyword-specific searches.
Date: 2026-05-14T15:55:02Z
Network: telegram
Published URL: https://t.me/c/2613583520/81473
Screenshots:
None
Threat Actors: Yuze
Victim Country: Unknown
Victim Industry: Multiple (e-commerce, email, travel, social platforms)
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak giveaway with no disclosed details
Category: Data Leak
Content: A forum user posted a Free Giveaway thread on a known leak forum containing only a hyperlink with no additional context. No victim, data type, or record count was disclosed in the post.
Date: 2026-05-14T15:53:48Z
Network: openweb
Published URL: https://cracked.st/Thread-Free-Giveaway–2093777
Screenshots:
None
Threat Actors: kaduubreach
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting South Africa
Category: Combo List
Content: A user on Cracked forum shared what appears to be an email and password combo list associated with South Africa. No further details about record count or data source were provided in the post.
Date: 2026-05-14T15:53:45Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-SOUTH-AFRICA–2093762
Screenshots:
None
Threat Actors: FlightUSA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free credential list giveaway
Category: Combo List
Content: A forum user is freely distributing a set of credentials as a giveaway. The post contains minimal detail, with no indication of the source, targeted service, or number of records included.
Date: 2026-05-14T15:53:28Z
Network: openweb
Published URL: https://cracked.st/Thread-GIVEAWAY-FREEBIES-More-Credentials
Screenshots:
None
Threat Actors: kaduubreach
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list shared on cracking forum
Category: Combo List
Content: A threat actor shared a free Hotmail combo list on a cracking forum. The post contains a download link with no additional details regarding record count or origin.
Date: 2026-05-14T15:53:18Z
Network: openweb
Published URL: https://cracked.st/Thread-Hotmail-free
Screenshots:
None
Threat Actors: junior19
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of crypto leads database including Vorex USA and worldwide email data
Category: Data Breach
Content: A threat actor is selling multiple crypto leads datasets, including a Vorex USA dataset (231MB) and a worldwide cryptocurrency email database of approximately 527,000 records (27MB). The seller is accepting offers via private message or Telegram.
Date: 2026-05-14T15:52:50Z
Network: openweb
Published URL: https://cracked.st/Thread-CRYPTO-LEADS-DATA-VOREX-USA-AND-AROUND-THE-WORLD
Screenshots:
None
Threat Actors: Meowl
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Vorex
Victim Site: Unknown
Sale of 10K mixed mail access combo list
Category: Combo List
Content: A forum post advertises 10,000 mixed mail access credentials. The post is listed under a combolist forum section, suggesting these are harvested email credentials intended for credential stuffing or account takeover activity. No further details are available from the post content.
Date: 2026-05-14T15:52:44Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%9010K-MIXED-MAIL-ACCESS-%E2%AD%90–2093766
Screenshots:
None
Threat Actors: Posts
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail mail access distributed on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 930 Hotmail mail access credentials on a cybercrime forum. The post describes the data as old and markets it as VIP Cloud access. The content is gated behind forum registration or login.
Date: 2026-05-14T15:51:17Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8D%AAx930-hotmail-mail-access%F0%9F%8D%AA%E2%9C%A8-13-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of 30K fresh email access credentials
Category: Combo List
Content: A threat actor shared a collection of approximately 30,000 email access credentials via an external paste link. The post markets the credentials as fresh mail access. No specific email provider or victim organization is identified.
Date: 2026-05-14T15:51:01Z
Network: openweb
Published URL: https://nulledbb.com/thread-30K-FRESH-MAIL-ACCESS-PIKACHU–2294671
Screenshots:
None
Threat Actors: Capsen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting China-based accounts
Category: Combo List
Content: A threat actor shared a combo list of approximately 16,000 credentials via an external paste link, marketed as China-region accounts and dated May 7, 2026.
Date: 2026-05-14T15:50:44Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-16-K-Combo-%E2%9C%AA-China-%E2%9C%AA-7-MAY-2026-%E2%9C%AA–2294693
Screenshots:
None
Threat Actors: Capsen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of stealer logs containing 6,912 full records
Category: Logs
Content: A threat actor shared a collection of 6,912 stealer log records via an external paste link on a cracking forum. The post is attributed to the DAXUS.PRO platform and marketed as fresh private logs for April. No specific victim organization or country is identified.
Date: 2026-05-14T15:50:40Z
Network: openweb
Published URL: https://nulledbb.com/thread-FRESH-PRIVATE-APRIL-6912-FULL-STEALER-LOGS-DAXUS-PRO–2294684
Screenshots:
None
Threat Actors: Capsen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Portuguese email:password credentials freely shared
Category: Combo List
Content: A threat actor shared a combo list of over 90,000 email:password pairs targeting Portuguese users, made available via an external paste link. The credentials are marketed as fresh, dated June 5, 2026.
Date: 2026-05-14T15:50:24Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-90-K-%E2%9C%A6-Portugal-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6–2294724
Screenshots:
None
Threat Actors: Capsen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free USA email:password combo list
Category: Combo List
Content: A user shared a link to a USA-based email:password combo list on a cracking forum. The list is hosted on an external paste site and made available for free. No specific breached organization or record count was disclosed.
Date: 2026-05-14T15:50:19Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-USA-EMAILPASS-COMBOLIST-SHROUD20-txt–2294703
Screenshots:
None
Threat Actors: Capsen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list with 3,880 credentials
Category: Combo List
Content: A threat actor shared a combo list containing 3,880 Hotmail credentials, marketed as fresh. The content is gated behind registration or login on the forum.
Date: 2026-05-14T15:49:45Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A13880x-FRESH-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Nulled07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ email credential combo list
Category: Combo List
Content: A threat actor is distributing a combo list advertised as containing 1,937 valid Hotmail and mixed email credentials. The content is gated behind registration or login on the forum, with contact via Telegram for access.
Date: 2026-05-14T15:49:10Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1937-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of compromised Hotmail accounts and private cloud database access with geo-specific data
Category: Logs
Content: Threat actor offering sale of access to private cloud database containing compromised Hotmail email accounts and personal data sets organized by country (FR, IT, BR, UK, US, JP, PL, RU, ES, MX, CA, SG, etc.). Also advertising access to account data from platforms including Walmart, eBay, Kleinanzeigen, Uber, and Poshmark. Buyer can contact via Telegram handle provided.
Date: 2026-05-14T15:44:10Z
Network: telegram
Published URL: https://t.me/c/2613583520/81467
Screenshots:
None
Threat Actors: Yhōu
Victim Country: Multiple countries (France, Italy, Brazil, United Kingdom, United States, Japan, Poland, Russia, Spain, Mexico, Canada, Singapore)
Victim Industry: Technology, E-commerce, Ride-sharing, Social Commerce
Victim Organization: Unknown
Victim Site: hotmail.com, walmart.com, ebay.com, uber.com, poshmark.com, kleinanzeigen.de
Sale of iCloud email:password combo list
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 7,000 iCloud email and password pairs on a cybercrime forum. The content is gated behind registration or login. iCloud is the credential-stuffing target, not the breach source.
Date: 2026-05-14T15:42:27Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-7K-icloud-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of t-online email combo list
Category: Combo List
Content: A combo list containing approximately 7,000 t-online email and password pairs was posted on a cybercrime forum. The credentials are formatted as email:password combinations and appear to target t-online users.
Date: 2026-05-14T15:40:47Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-7K-t-online-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 7,000 Email and Password Pairs
Category: Combo List
Content: A threat actor shared a combo list containing approximately 7,000 email and password pairs on a cybercrime forum. The credentials are marketed as fresh and are accessible to registered forum members. No specific target organization or service is identified.
Date: 2026-05-14T15:39:25Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-7K-Fresh-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting tin.it email accounts
Category: Combo List
Content: A combo list containing approximately 8,400 tin.it email address and password pairs was shared on a cybercrime forum. The post was made by user zubicks on BreachForums. No additional details about the origin or quality of the credentials were available.
Date: 2026-05-14T15:38:58Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-8-4K-tin-it-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 8.8K Hotmail .es Credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 8,800 Hotmail .es email and password pairs on a cybercrime forum. The content is hidden behind a registration or login requirement. These credentials are likely intended for credential stuffing or account takeover activity.
Date: 2026-05-14T15:37:29Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-8-8K-Hotmail-es-Email-Pass–188798
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combolist yahoo 10K Email / Pass
Category: Combo List
Content: New thread posted by zubicks: Combolist yahoo 10K Email / Pass
Date: 2026-05-14T15:37:05Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-yahoo-10K-Email-Pass–188799
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 11.7K Mixed Email/Password Credentials
Category: Combo List
Content: A threat actor has shared a mixed combolist containing approximately 11.7K email and password pairs on a public forum. The content is available to registered forum members at no stated cost.
Date: 2026-05-14T15:35:25Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Mixed-11-7K-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Yahoo Italy combo list with 12K email/password pairs
Category: Combo List
Content: A threat actor shared a combo list containing approximately 12,000 email and password pairs associated with Yahoo Italy (yahoo.it) accounts. The post was made on BreachForums under the combolists section. No additional details are available as the post content was not captured.
Date: 2026-05-14T15:33:31Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-yahoo-it-12K-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 1.2K Fresh Hotmail Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1,200 Hotmail credentials, marketed as fresh and high quality. The post is dated 14.05 and requires forum registration or login to access the hidden content.
Date: 2026-05-14T15:31:56Z
Network: openweb
Published URL: https://breachforums.rs/Thread-1-2-K-Fresh-Hotmail-Hirs-Just-Top-Quality-14-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of compromised Brazilian government email accounts (State of Acre)
Category: Initial Access
Content: A threat actor is offering 100 Brazilian government email accounts belonging to the State of Acre for sale on BreachForums. The seller is negotiating price and quantity via private messaging on the Session messaging platform. Proof of access has been shared via an external image link.
Date: 2026-05-14T15:25:15Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELL-100-EMAILS-OF-BRAZILIAN-GOV
Screenshots:
None
Threat Actors: exclode
Victim Country: Brazil
Victim Industry: Government
Victim Organization: Government of the State of Acre
Victim Site: Unknown
Alleged data leak of daouwood.co.kr
Category: Data Leak
Content: A forum post claims a database leak affecting daouwood.co.kr, a South Korean organization. No further details are available as the post contains no content.
Date: 2026-05-14T15:22:07Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-Leak-in-SouthKorea-Database-daouwood-co-kr
Screenshots:
None
Threat Actors: KoreanAshley
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Daouwood
Victim Site: daouwood.co.kr
Alleged data leak of South Korean website treethink.kr
Category: Data Leak
Content: A threat actor leaked an alleged database dump from the South Korean website treethink.kr, made available for free download. The dataset contains approximately 100,000 records including usernames, full names, hashed passwords, email addresses, phone numbers, and physical addresses. The data appears to be structured user registration records.
Date: 2026-05-14T15:20:44Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-treethink-kr-%E2%AD%90%EF%B8%8F-100K-free-information
Screenshots:
None
Threat Actors: KoreanAshley
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: treethink.kr
Victim Site: treethink.kr
Mix combo list of 74K premium mail access credentials with fresh hits
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 74,000 email credentials marketed as fresh hits targeting Hotmail, Outlook, Live, and MSN accounts across US and EU regions. The post advertises daily drops of 2–4 files via a Telegram channel. Credentials are marketed as high hit rate and are likely intended for credential stuffing.
Date: 2026-05-14T15:14:28Z
Network: openweb
Published URL: https://altenens.is/threads/mix-74k-premium-mail-access-fresh-hits.2939811/unread
Screenshots:
None
Threat Actors: mailcombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail Credentials
Category: Combo List
Content: A threat actor shared a combo list of 1,702 Hotmail credentials on a cracking forum. The post includes a download link and is marketed as high quality.
Date: 2026-05-14T15:12:28Z
Network: openweb
Published URL: https://crackingx.com/threads/75251/
Screenshots:
None
Threat Actors: stevee36
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 2.2K mixed email credentials
Category: Logs
Content: A threat actor shared a combo list of 2,200 allegedly valid mixed email credentials dated May 14. The list is available to registered forum members via an external link.
Date: 2026-05-14T15:10:40Z
Network: openweb
Published URL: https://xforums.st/threads/2-2k-full-valid-mail-access-mix-14-05.613826/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of HAC (Health Assurance Care) Taiwan
Category: Data Breach
Content: A threat actor claims to have breached HAC (Health Assurance Care), the consumer health supplement brand of YungShin Pharmaceuticals, one of Taiwans largest pharmaceutical companies. The actor alleges 271 records were exposed and is distributing the data via a Telegram link. No further details on specific data fields were provided in the post.
Date: 2026-05-14T15:08:10Z
Network: openweb
Published URL: https://breached.st/threads/271-hac-taiwan-breach.87105/unread
Screenshots:
None
Threat Actors: cc5ab
Victim Country: Taiwan
Victim Industry: Healthcare
Victim Organization: HAC (Health Assurance Care) / YungShin Pharmaceuticals
Victim Site: happytenso.com
Alleged compromise of Austrian jewelry shop surveillance system with live camera access
Category: Initial Access
Content: Threat actor claims successful penetration of video surveillance system belonging to an Austrian gift and jewelry shop, claiming full access to four camera feeds showing real-time footage of employees, customers, display cases, and utility areas. Post includes geopolitical messaging criticizing Austrian government support for Ukraine and references operational hashtags (#OpAustria, #TimeOfRetribution). Represents claimed initial access to commercial infrastructure.
Date: 2026-05-14T15:04:05Z
Network: telegram
Published URL: https://t.me/c/3087552512/1944
Screenshots:
None
Threat Actors: NoName057(16)
Victim Country: Austria
Victim Industry: Retail – Jewelry/Gifts
Victim Organization: Austrian gift and jewelry shop (unnamed)
Victim Site: Unknown
Alleged cyber attack operation against Brazilian Superior Electoral Court (TSE) by CyberTeam and NullSec Philippines
Category: Cyber Attack
Content: CyberTeam and NullSec Philippines announced the launch of Operation TSE targeting the Brazilian Superior Electoral Court (Tribunal Superior Eleitoral). The post indicates operational infrastructure activation and encrypted channels for coordinated attack activity.
Date: 2026-05-14T14:55:41Z
Network: telegram
Published URL: https://t.me/c/2590737229/1042
Screenshots:
None
Threat Actors: CyberTeam
Victim Country: Brazil
Victim Industry: Government – Electoral Authority
Victim Organization: Tribunal Superior Eleitoral (TSE)
Victim Site: tse.jus.br
Alleged sale of stolen credit card fullz and retail account credentials
Category: Combo List
Content: Threat actor operating as xiaoyuenans shop is selling stolen payment card data (fullz) at $6-8 per card with BIN selection options, and compromised retail account credentials for Shopapp, Kohls, Macys, Target, and Sams Club at $5 per account. Victims include major US retailers.
Date: 2026-05-14T14:49:19Z
Network: telegram
Published URL: https://t.me/vklmtc/190
Screenshots:
None
Threat Actors: xiaoyuenans shop
Victim Country: United States
Victim Industry: Retail
Victim Organization: Kohls, Macys, Target, Sams Club, Shopapp
Victim Site: Unknown
Alleged distribution of 10,000 credit card credentials
Category: Combo List
Content: User sharing a free download link to a credential list containing approximately 10,000 credit card records via Pixeldrain file hosting service.
Date: 2026-05-14T14:42:45Z
Network: telegram
Published URL: https://t.me/c/2613583520/81432
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged DDoS Stresser Service – GoliathStress Layer 4 & 7 Attack Tool
Category: Malware
Content: GoliathStress is being advertised as a Layer 4 and Layer 7 DDoS stresser service claiming to bypass major protection systems including Cloudflare, OVH, Hetzner, Amazon, and Akamai. The service offers custom attack methods targeting game servers (PUBG, FiveM) and heavily protected websites with extreme GBPS power. Service is actively being promoted with recruitment messaging.
Date: 2026-05-14T14:40:55Z
Network: telegram
Published URL: https://t.me/c/1669509146/98413
Screenshots:
None
Threat Actors: GoliathStress
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UUHQ ULP combo list
Category: Combo List
Content: A threat actor is offering a combo list of approximately 4.3 million username:login:password (ULP) credentials, marketed as UUHQ (Ultra-Ultra High Quality) and fresh, uploaded to a private cloud within 24 to 48 hours prior to posting.
Date: 2026-05-14T14:35:07Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-4341032-UUHQ-100-FRESH-UUHQ-ULP-BASE-%E2%9C%A8
Screenshots:
None
Threat Actors: EViLUMiNATUS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ Outlook combo list with 37,000 credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 37,000 credentials marketed as UHQ (ultra-high quality) and fresh, targeting Outlook accounts. The post is sponsored by an AIO (all-in-one checker) service. These credentials are intended for credential stuffing against Outlook/Microsoft accounts.
Date: 2026-05-14T14:35:01Z
Network: openweb
Published URL: https://cracked.st/Thread-37K-UHQ-OUTOOK-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ Yahoo combo list with 45,000 credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 45,000 Yahoo credentials marketed as UHQ (ultra-high quality) and fresh. The post is sponsored by an AIO (all-in-one checker) service, suggesting the credentials are intended for credential stuffing use.
Date: 2026-05-14T14:34:42Z
Network: openweb
Published URL: https://cracked.st/Thread-45K-UHQ-YAHOO-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Brazil-targeted Hotmail combo lists and mail access credentials
Category: Combo List
Content: A threat actor is selling UHQ Hotmail combo lists targeting Brazil, advertised as fresh private inbox combos with associated logs and a mail checker tool. Access is offered via a private subscription channel, with a sample provided to registered forum members.
Date: 2026-05-14T14:34:38Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-pravet-brazil-%F0%9F%87%A7%F0%9F%87%B7-mail-access-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ Gmail combo list containing 900K credentials
Category: Combo List
Content: A threat actor is offering a combo list of 900,000 Gmail credentials marketed as UHQ and fresh. The post is sponsored by slateaio.com, likely an account-checking tool. Gmail is a credential-stuffing target, not the breach victim.
Date: 2026-05-14T14:34:18Z
Network: openweb
Published URL: https://cracked.st/Thread-900K-UHQ-GMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Argentina combo list with 100K credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 100,000 credentials purportedly targeting Argentine users. The content is gated behind registration or login on the forum. No specific breached organization is identified.
Date: 2026-05-14T14:34:07Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-100k-argentina-high-quality-combolist
Screenshots:
None
Threat Actors: megatronishere
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Germany-targeted shopping combo list with 1 million lines
Category: Combo List
Content: A threat actor has shared a combo list of approximately 1 million email:password lines reportedly targeting German shopping platforms. The list is marketed as high-quality (HQ) and Germany-specific. No specific breached organization is identified.
Date: 2026-05-14T14:33:56Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-041-835-Lines-%E2%9C%85-Shopping-Target-HQ-Germany-De-Combolist
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Italian Hotmail combo list with mail access
Category: Combo List
Content: A threat actor is selling UHQ Hotmail combo lists and mail access credentials targeting Italian users, marketed as fresh and private. The offering includes combo lists, logs, and a mail/Hotmail checker tool, available via subscription to a private channel.
Date: 2026-05-14T14:33:51Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-pravet-italy-%F0%9F%87%AE%F0%9F%87%B9-mail-access-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Germany-targeted shopping combo list with 484,362 lines
Category: Combo List
Content: A threat actor is distributing a combo list of 484,362 email:password pairs described as high-quality (HQ) credentials targeting German shopping platforms. The list is shared on a public combolist forum and is likely intended for credential stuffing against German e-commerce services.
Date: 2026-05-14T14:33:31Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-484-362-Lines-%E2%9C%85-Shopping-Target-HQ-Germany-De-Combolist
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Indonesian combo list with 142K credentials
Category: Combo List
Content: A forum user is distributing a combo list of approximately 142,000 credentials purportedly from Indonesian users, marketed as high quality and fresh. The content is hidden behind a registration or login gate. No specific breached organization is identified.
Date: 2026-05-14T14:33:21Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-142k-indonesia-hq-fresh-combolist
Screenshots:
None
Threat Actors: megatronishere
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ Hotmail combo list containing 78K credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 78,000 Hotmail credentials marketed as ultra-high quality and fresh. The post is sponsored by vows.solutions. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-14T14:33:10Z
Network: openweb
Published URL: https://cracked.st/Thread-78K-UHQ-HOTMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Finance Samadhan by Terror of Nullsec Philippines
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias Terror, affiliated with the group Nullsec Philippines, defaced the website financesamadhan.com, a financial services platform. The defacement was a targeted attack leaving a file named Terror.txt on the compromised server. The incident was not categorized as a mass or home defacement, suggesting a deliberate single-target intrusion.
Date: 2026-05-14T14:33:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922396
Screenshots:
None
Threat Actors: Terror, Nullsec Philippines
Victim Country: India
Victim Industry: Financial Services
Victim Organization: Finance Samadhan
Victim Site: financesamadhan.com
Sale of Mexico UHQ combo list with 129K credentials
Category: Combo List
Content: A threat actor shared a combo list containing approximately 129,000 credentials, described as UHQ (ultra-high quality) and targeting Mexico-based accounts. The content is gated behind forum registration or login and full details are not visible.
Date: 2026-05-14T14:32:56Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-129k-mexico-uhq-combolist
Screenshots:
None
Threat Actors: megatronishere
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ mixed mail combo list containing 250K credentials
Category: Combo List
Content: A threat actor is offering a mixed mail combo list marketed as UHQ (ultra high quality) and fresh, containing approximately 250,000 credentials. The post is sponsored by slateaio.com, suggesting the list may be intended for credential stuffing use with AIO (all-in-one) checking tools.
Date: 2026-05-14T14:32:52Z
Network: openweb
Published URL: https://cracked.st/Thread-250K-UHQ-MIXED-MAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 77K fresh credential hits
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 77,000 Hotmail, Outlook, Live, and MSN credentials marketed as fresh hits with a high hit rate. The post advertises daily drops of 2–4 files targeting US and European accounts via a Telegram channel. This appears to be a credential stuffing resource, not a breach of any single organization.
Date: 2026-05-14T14:32:31Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Hotmail-77k-Premium-Mail-Access-Fresh-Hits
Screenshots:
None
Threat Actors: joye
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Japan-targeted mail combo list and Hotmail credentials
Category: Combo List
Content: A threat actor is selling Japan-targeted mail and Hotmail combo lists marketed as UHQ and fresh private mix, including inbox combos and logs. Access is offered via subscription to a private channel, with a sample provided to prospective buyers.
Date: 2026-05-14T14:32:23Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-pravet-japan-%F0%9F%87%AF%F0%9F%87%B5-mail-access-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list checker tool targeting NASA accounts
Category: Combo List
Content: A threat actor is offering a credential-checking tool marketed as NASA Checker for $30/month via Telegram. The tool claims to evaluate combo lists for password strength, risk level, and prior exposure in public data breaches. It is designed to filter high-quality credentials from combo lists for potential account takeover activity.
Date: 2026-05-14T14:32:04Z
Network: openweb
Published URL: https://cracked.st/Thread-NASA-CHECKER-HQ-COMBO-CHECKER
Screenshots:
None
Threat Actors: oleganoone1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Poland-targeted Hotmail combo list
Category: Combo List
Content: A threat actor is selling UHQ Hotmail combo lists targeting Poland, advertised as fresh and private. The offering includes inbox combos, logs, and mail/Hotmail checker tools, available via subscription or direct purchase. A sample is provided to registered forum members, with full access sold through a private channel.
Date: 2026-05-14T14:31:54Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-pravet-poland-mail-access-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged crypto email leads database containing over 180 million records
Category: Data Breach
Content: A threat actor is selling an alleged database of cryptocurrency-related email leads containing over 180 million records spanning 2019 to 2025. The data is offered in .txt and XLSX formats for $300 in cryptocurrency. The source organization(s) and origin of the data are not disclosed.
Date: 2026-05-14T14:31:44Z
Network: openweb
Published URL: https://cracked.st/Thread-Crypto-Email-Data-Pack-2019-2025-over-180-Million-Records
Screenshots:
None
Threat Actors: taking4ever
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 323K URL:Login:Password credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 323,000 URL:login:password credential pairs, marketed as fresh and high quality. The content is gated behind registration or login on the forum. No specific victim organization or sector is identified.
Date: 2026-05-14T14:31:36Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9C%A8-323k-url-login-pass-%E2%9C%A8leak-private-url-login-pass%E2%9A%A1fresh-uhq%E2%9A%A1
Screenshots:
None
Threat Actors: Frisbeese
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 563K URL:Login:Pass credentials distributed
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 563,000 URL:login:password credential pairs. The post markets the content as fresh and high quality. Full content is gated behind forum registration or login.
Date: 2026-05-14T14:31:19Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9C%A8-563k-url-login-pass-%E2%9C%A8leak-private-url-login-pass%E2%9A%A1fresh-uhq%E2%9A%A1
Screenshots:
None
Threat Actors: Frisbeese
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Columbia University Machine Learning certificate access
Category: Services
Content: A threat actor is offering a Columbia University Machine Learning I certificate for $20, compared to the official price of $199. The listing claims the certificate is verified and includes two years of access, suggesting unauthorized or fraudulent access to the universitys online learning platform.
Date: 2026-05-14T14:31:14Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90%E2%AD%90Machine-Learning-Certificate-from-Columbia-University%C2%A0-20%E2%9A%A1%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: wavesub
Victim Country: United States
Victim Industry: Education
Victim Organization: Columbia University
Victim Site: columbia.edu
Sale of UK Hotmail combo list with private access
Category: Combo List
Content: A threat actor is selling access to a private combo list service advertising UK Hotmail credentials described as fresh and high quality. The offering includes inbox combos, logs, and a mail checker tool, available via a paid subscription through a Telegram channel.
Date: 2026-05-14T14:30:50Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-pravet-uk-%F0%9F%87%AC%F0%9F%87%A7-mail-access-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Gemini Pro account upgrades
Category: Services
Content: A threat actor operating as AntMarket is offering Gemini Pro one-year account upgrades at heavily discounted prices ($17.99 vs. $280 retail), available via an autobuy shop. Payment is accepted via PayPal and cryptocurrency, with instant delivery advertised.
Date: 2026-05-14T14:30:45Z
Network: openweb
Published URL: https://patched.to/Thread-v-i-p-%E2%AD%90%E2%9A%A1-gemini-1-year-upgrade-17-99-%E2%9A%A1-cheapeast-upgrades-cheapeast-accounts-%E2%9A%A1-%E2%AD%90
Screenshots:
None
Threat Actors: AntMarket
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 638K URL:Login:Pass credentials leaked
Category: Combo List
Content: A threat actor has shared a combo list of approximately 638,000 URL:login:password credential pairs, marketed as fresh and high quality. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-14T14:30:20Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9C%A8-638k-url-login-pass-%E2%9C%A8leak-private-url-login-pass%E2%9A%A1fresh-uhq%E2%9A%A1-302290
Screenshots:
None
Threat Actors: Frisbeese
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Request for domain-based credential lookup service
Category: Logs
Content: A forum user is requesting information about a service or website that allows searching stealer log data by domain, returning URL, login, and password combinations associated with that domain.
Date: 2026-05-14T14:29:51Z
Network: openweb
Published URL: https://leakforum.io/Thread-Domain-Search
Screenshots:
None
Threat Actors: kyzler55
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list marketed as fresh and private
Category: Combo List
Content: A threat actor is offering a combo list of 1,070 Hotmail credentials described as private and fresh. The content is gated behind registration on the forum. Contact is directed via Telegram handle @KingBaldwinXD.
Date: 2026-05-14T14:24:30Z
Network: openweb
Published URL: https://crackingx.com/threads/75247/
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list shared on cracking forum
Category: Combo List
Content: A mixed combo list of approximately 38,000 unique credential pairs was shared on a cracking forum. The post requires registration or login to access the content, and no further details about the datas origin or targeted services are available.
Date: 2026-05-14T14:24:10Z
Network: openweb
Published URL: https://crackingx.com/threads/75248/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list sample
Category: Combo List
Content: A threat actor shared a sample combo list containing 2,020 Hotmail credentials on a cracking forum. The post includes a download link for the sample data. This appears to be a credential stuffing resource targeting Hotmail accounts.
Date: 2026-05-14T14:23:52Z
Network: openweb
Published URL: https://crackingx.com/threads/75249/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged reconnaissance scanning of Indonesian Ministry of Social Affairs website
Category: Cyber Attack
Content: Threat actor group BROTHERHOOD CAPUNG (BCI) conducting systematic URL scanning and reconnaissance against kemensos.go.id (Indonesian Ministry of Social Affairs). Multiple endpoints across different departments and sections being scanned, indicating potential vulnerability assessment or information gathering for targeted attack.
Date: 2026-05-14T14:16:30Z
Network: telegram
Published URL: https://t.me/brotheroodbci/118
Screenshots:
None
Threat Actors: BROTHERHOOD CAPUNG (BCI)
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Kemensos (Ministry of Social Affairs)
Victim Site: kemensos.go.id
Free distribution of URL:Log:Pass combo list with 18.9 million lines
Category: Combo List
Content: A threat actor on a carding/combolist forum has freely shared a URL:Log:Pass credential list containing approximately 18.9 million lines across multiple file-hosting platforms. The dataset appears to be a stealer log-derived combolist containing URLs alongside usernames and passwords. No specific victim organization is identified.
Date: 2026-05-14T14:10:05Z
Network: openweb
Published URL: https://breached.st/threads/url-log-pass-18-911-443-million-lines.87104/unread
Screenshots:
None
Threat Actors: Markus7
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of SMP Negeri 4 Denpasar
Category: Data Breach
Content: A database breach affecting SMP Negeri 4 Denpasar (a junior secondary school in Denpasar, Indonesia) has been disclosed on Breachforums. The breach is being discussed by user mr-hanz-xploit on the platform, indicating potential unauthorized access to school database records.
Date: 2026-05-14T14:09:03Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/157
Screenshots:
None
Threat Actors: mr-hanz-xploit
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMP Negeri 4 Denpasar
Victim Site: Unknown
Alleged data breach of SMP Negeri 4 Denpasar
Category: Data Breach
Content: A threat actor posted what is alleged to be a database dump from SMP Negeri 4 Denpasar, a public middle school in Bali, Indonesia. The post includes a sample section but no further details or record count are visible in the available content.
Date: 2026-05-14T14:08:57Z
Network: openweb
Published URL: https://breached.st/threads/database-smp-negeri-4-denpasar.87103/unread
Screenshots:
None
Threat Actors: Mr. Hanz Xploit
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMP Negeri 4 Denpasar
Victim Site: Unknown
Alleged Teaser Botnet DDoS Service Advertisement
Category: Malware
Content: Threat actor advertising Teaser botnet DDoS service with claimed capacity of 4.5 terabits per second UDP attacks and 3 billion packets per second. Service offers API and botnet access for conducting distributed denial-of-service attacks.
Date: 2026-05-14T13:58:52Z
Network: telegram
Published URL: https://t.me/teaserbotnet/188
Screenshots:
None
Threat Actors: Teaser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of compromised email credentials and cookies from multiple platforms
Category: Logs
Content: Threat actor offering full access to compromised mailbox credentials and cookies from victims across multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with access to various platforms including eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Mercari, Neosurf, Amazon, and Kleinanzeigen. Claims to have private cloud storage with valid webmail access and keyword-based inbox searching capabilities.
Date: 2026-05-14T13:27:40Z
Network: telegram
Published URL: https://t.me/c/2613583520/81393
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
Victim Industry: Multiple (e-commerce, email, gaming, travel, financial)
Victim Organization: Unknown
Victim Site: Unknown
Free sample logs distribution by primedata
Category: Logs
Content: A threat actor operating under the handle primedata is distributing a free 1GB sample of mixed stealer logs via a Telegram channel. The post advertises a mix of mail, logs, ULP (user/login/password) data, and checkers available through the channel at t.me/primedatanet.
Date: 2026-05-14T13:27:04Z
Network: openweb
Published URL: https://cracked.st/Thread-1GB-Private-Logs-Sample-Primedatanet–2093717
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free sample release of mixed logs and credentials
Category: Logs
Content: A threat actor is distributing a free 1GB sample of mixed stealer logs, mail access credentials, and ULP (URL:Login:Password) data via a Telegram channel. The post promotes a broader channel offering mixed logs, checkers, and combo lists. No specific victim organization is identified.
Date: 2026-05-14T13:27:00Z
Network: openweb
Published URL: https://cracked.st/Thread-1GB-Private-Logs-Sample-Primedatanet
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of verified LinkedIn credentials
Category: Combo List
Content: A threat actor is offering to purchase verified LinkedIn credentials in email:password and phone:password formats. The seller claims to use high-quality verification procedures and strong proxies to validate accounts, with payment calculated per successfully verified LinkedIn account at 1–20 USD via USDT TRC20.
Date: 2026-05-14T13:26:27Z
Network: openweb
Published URL: https://patched.to/Thread-nova-linkedin-request-purchase-email-password-phone-password-fresh-and-valid
Screenshots:
None
Threat Actors: ProfessorCookie
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak from mo-on.cloud
Category: Data Leak
Content: A forum post references hidden content allegedly related to mo-on.cloud, dated May 26. The actual data and details are not visible as the content is gated behind registration or login.
Date: 2026-05-14T13:26:11Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%92-may26-mo-on-cloud-804
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: mo-on.cloud
Victim Site: mo-on.cloud
Free distribution of URL:Log:Pass combo list with 8+ million lines
Category: Combo List
Content: A threat actor on a cybercrime forum has shared a URL:Log:Pass combo list containing over 8 million lines, marketed as free. The content is gated behind forum registration or login. This appears to be part of an ongoing series (part 340) of credential list distributions.
Date: 2026-05-14T13:25:47Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-340
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of mo-on.cloud
Category: Data Leak
Content: A forum post references hidden content allegedly related to a data leak of mo-on.cloud dated May 26. The actual content is gated behind registration or login, so no further details about the nature or scope of the data are available.
Date: 2026-05-14T13:25:40Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%92-may26-mo-on-cloud-803
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: mo-on.cloud
Victim Site: mo-on.cloud
Combo List: 37K Mail Access Mix
Category: Combo List
Content: A threat actor shared a combo list containing 37,000 claimed valid email account credentials, described as a mixed mail access list dated 14.05. The content is gated behind registration or login on the forum.
Date: 2026-05-14T13:25:24Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-37-k-full-valid-mail-access-mix-14-05
Screenshots:
None
Threat Actors: MonnarhTeam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list: 1,565 mixed credentials shared on forum
Category: Combo List
Content: A forum user shared a combo list of 1,565 mixed credentials, marketed as fresh. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-14T13:24:41Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-1565x-FRESH-MIX-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Nulled07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 600 credentials across multiple regions
Category: Combo List
Content: A threat actor is distributing a combo list containing 600 Hotmail credentials sourced from users in the USA, Europe, Asia, and Russia. Access to the content requires a forum reply. The list is marketed for credential stuffing against Hotmail accounts.
Date: 2026-05-14T13:22:05Z
Network: openweb
Published URL: https://altenens.is/threads/600x-hotmail-access-combo-usa-europe-asia-russian.2939731/unread
Screenshots:
None
Threat Actors: Larry_Uchiha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mix mail combo list including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live
Category: Combo List
Content: A threat actor shared a mixed mail combo list targeting multiple email providers including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live. The content is hidden behind a reply gate and linked to a Telegram channel. No record count or sample was provided in the visible portion of the post.
Date: 2026-05-14T13:21:30Z
Network: openweb
Published URL: https://altenens.is/threads/mix-mail-combo-hotmail-outlook-aol-gmx-inbox-icloud-live-2026-5-11.2939733/unread
Screenshots:
None
Threat Actors: Larry_Uchiha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen credit card fullz, dumps, and ATM track data
Category: Carding
Content: A threat actor is selling stolen credit card fullz, ATM track 1/2 dumps with PINs, and identity data including SSN, DOB, and drivers license information for US and UK cardholders. Prices range from $15 to $50 per record depending on card type and data completeness. The seller advertises via Telegram.
Date: 2026-05-14T13:19:48Z
Network: openweb
Published URL: https://altenens.is/threads/selling-100-good-cc-fullz-dumps-atm-track-1-2-pin-smtp.2939672/unread
Screenshots:
None
Threat Actors: platforms62
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of business corporate domain combo list
Category: Combo List
Content: A threat actor operating as zod is distributing a combo list containing approximately 104,296 lines of corporate domain credentials on a cracking forum. The content is gated behind a password shared via a Telegram channel.
Date: 2026-05-14T13:18:24Z
Network: openweb
Published URL: https://crackingx.com/threads/75238/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed combo list pack (2GB+)
Category: Combo List
Content: A threat actor shared a 2GB+ mixed combo list pack via a Mega.nz link on a cracking forum. The archive password is distributed through a private Telegram channel. No specific targeted organization or service is identified.
Date: 2026-05-14T13:18:06Z
Network: openweb
Published URL: https://crackingx.com/threads/75240/
Screenshots:
None
Threat Actors: maicolpg19
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed combo list with 3,460 fresh credentials
Category: Combo List
Content: A threat actor is offering a mixed combo list containing 3,460 credentials marketed as fresh. The list is partially available for free download and also offered under a tiered paid subscription model ranging from $3 for 24 hours to $100 for 3 months via a Telegram bot.
Date: 2026-05-14T13:17:48Z
Network: openweb
Published URL: https://crackingx.com/threads/75241/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List shared by threat actor zod via Telegram
Category: Combo List
Content: A threat actor identified as zod is sharing a combo list labeled VIP ULP 9 on a cracking forum. Access to the content requires registration or sign-in, with credentials distributed via a Telegram channel. No further details about the scope or targets are available from the post.
Date: 2026-05-14T13:17:29Z
Network: openweb
Published URL: https://crackingx.com/threads/75242/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email combo lists via PandaCloud subscription service
Category: Combo List
Content: A threat actor operating under the PandaCloud brand is offering subscription-based access to mixed email combo lists, with plans ranging from $30 per week to $500 for lifetime access. The service advertises fresh database updates on a regular basis, including private databases purportedly unused by prior buyers. Databases are distributed via Telegram and an external file-sharing link.
Date: 2026-05-14T13:17:09Z
Network: openweb
Published URL: https://crackingx.com/threads/75244/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of 20K mixed mail access credentials
Category: Combo List
Content: A threat actor shared a Mega.nz link containing approximately 20,000 mixed mail access credentials. The file was posted for free on a cracking forum. No specific targeted service or origin breach was identified.
Date: 2026-05-14T13:16:50Z
Network: openweb
Published URL: https://crackingx.com/threads/75245/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged identity documents, SSN databases, and combo lists
Category: Carding
Content: A threat actor is offering for sale a variety of data including drivers licenses, passports, SSN/SIN databases, consumer and company databases, phone and email lists, and credential combos. The seller directs potential buyers to contact them via Telegram. No specific victim organization or verified source is identified.
Date: 2026-05-14T13:12:45Z
Network: openweb
Published URL: https://xforums.st/threads/drivers-license-ssn-passports-combo-emails-databases-llc-ein-ltd.613821/
Screenshots:
None
Threat Actors: jannat123
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting German email accounts
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 34,000 German email account credentials, marketed as fresh and valid as of May 14. The content is hidden behind a forum registration or login requirement.
Date: 2026-05-14T13:10:30Z
Network: openweb
Published URL: https://breachforums.rs/Thread-34k-Germany-Fresh-Valid-Mail-Access-14-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of internal database from Taiwans Psychological Warfare Team containing 6 million citizen records
Category: Data Breach
Content: A threat actor is offering for sale an alleged internal database attributed to Taiwans Psychological Warfare Team, claimed to contain complete records of over 6 million Taiwanese residents. The dataset purportedly includes national ID numbers, registered addresses, mobile numbers, email addresses, kinship data, partial military/work records, and credit information exported in SQL and CSV formats. The seller claims three sample batches have been verified and is requesting 4.8 BTC for the complet
Date: 2026-05-14T13:08:06Z
Network: openweb
Published URL: https://xforums.st/threads/600taiwans-psychological-warfare-team-files-of-6-million-citizens.613822/
Screenshots:
None
Threat Actors: simo_colvin
Victim Country: Taiwan
Victim Industry: Government
Victim Organization: Taiwan Psychological Warfare Team
Victim Site: Unknown
Alleged defacement of Sukabumi Regency government websites by Mr.PIMZZZXploit
Category: Defacement
Content: Multiple Indonesian government websites belonging to Sukabumi Regency (sukabumikab.go.id) have been defaced with a message claiming responsibility by threat actor Mr.PIMZZZXploit. Three defaced URLs are documented, with a mirror link provided at hack-db.org.
Date: 2026-05-14T13:06:49Z
Network: telegram
Published URL: https://t.me/c/3865526389/946
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Sukabumi Regency Government
Victim Site: sukabumikab.go.id
Sale of personal data including SSNs, ID documents, and financial records
Category: Carding
Content: A threat actor is offering for sale a variety of personal and financial data including ID cards, SSNs, drivers licenses, passports, bank cards, and consumer databases. The seller advertises access via Telegram. No specific victim organization or country is identified.
Date: 2026-05-14T13:01:31Z
Network: openweb
Published URL: https://crackingx.com/threads/75239/
Screenshots:
None
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged US investor database with personal and account data
Category: Data Breach
Content: A threat actor is offering for sale a database purportedly containing over one million records of US investors. The dataset includes investor IDs, full names, email addresses, phone numbers, dates of birth, physical addresses, and account status. Sample records reference individuals with email domains including Bank of America, Yahoo, Gmail, and AOL.
Date: 2026-05-14T12:57:58Z
Network: openweb
Published URL: https://breached.st/threads/sell-database-us-1001k-include-investor-id-first-name-ful-name-email-phone-datofbirth-addres-city-state-zipcode-country-accountstatus-active.87101/unread
Screenshots:
None
Threat Actors: 053o
Victim Country: United States
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Alleged defacement of Sukabumi Regency government websites by Mr.PIMZZZXploit
Category: Defacement
Content: Two Indonesian government websites (disdukcapil.sukabumikab.go.id and kec-warungkiara.sukabumikab.go.id) were allegedly defaced with a message claiming responsibility by Mr.PIMZZZXploit. A mirror of the defaced content was posted on hack-db.org.
Date: 2026-05-14T12:57:51Z
Network: telegram
Published URL: https://t.me/c/3865526389/945
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Sukabumi Regency Government (Dinas Dukcapil & Kecamatan Warung Kiara)
Victim Site: sukabumikab.go.id
Website Defacement of Vaidyaratnam Canteen by PH.PU$TURA of Crimsonsec PH
Category: Defacement
Content: The website vaidyaratnamcanteen.com was defaced by threat actor PH.PU$TURA, operating under the hacktivist group Crimsonsec PH, on May 14, 2026. The attack targeted a subdirectory of the site and was a single targeted defacement, not classified as mass or home page defacement. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-14T12:57:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922390
Screenshots:
None
Threat Actors: PH.PU$TURA, Crimsonsec PH
Victim Country: India
Victim Industry: Food & Beverage / Hospitality
Victim Organization: Vaidyaratnam Canteen
Victim Site: vaidyaratnamcanteen.com
Alleged defacement of multiple demo websites by Mr.PIMZZZXploit
Category: Defacement
Content: Threat actor claiming responsibility for defacing multiple websites under demowebsiteclient.com domain. Approximately 13 URLs listed as compromised. Mirror link provided at hack-db.org.
Date: 2026-05-14T12:51:36Z
Network: telegram
Published URL: https://t.me/c/3865526389/944
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: demowebsiteclient.com
Alleged data breach of CarMax by ShinyHunters group
Category: Data Leak
Content: A threat actor posting under the ShinyHunters group name claims to have breached U.S. auto retailer CarMax in October 2025, exposing approximately 452,000 customer records. The leaked dataset, reportedly made available publicly in January 2026, includes names, email addresses, phone numbers, fax numbers, physical addresses, and dates of birth. The data was shared on BreachForums and appears to have originated from a Salesforce-based CRM system.
Date: 2026-05-14T12:50:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-Carmax-Database-by-ShinyHunters-Group
Screenshots:
None
Threat Actors: Tanaka
Victim Country: United States
Victim Industry: Retail
Victim Organization: CarMax
Victim Site: carmax.com
Alleged sale of compromised account database across multiple countries and platforms
Category: Combo List
Content: Threat actor offering fresh database of compromised accounts from multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with inbox access. Specifically targeting e-commerce and service platforms including eBay, Offerup, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf. Seller claims to own private cloud infrastructure with valid webmail access and requests DMs for specific keyword searches.
Date: 2026-05-14T12:42:35Z
Network: telegram
Published URL: https://t.me/c/2613583520/81362
Screenshots:
None
Threat Actors: Num
Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
Victim Industry: E-commerce, Payment Services, Gaming, Travel, Marketplace Platforms
Victim Organization: Unknown
Victim Site: Unknown
Murray County, Georgia cyberattack closes county offices
Category: Cyber Attack
Content: A cyberattack resulted in the closure of several Murray County government offices in Georgia, affecting tax and judicial services. However, authorities confirmed that emergency services (911), public safety, and primary voting are continuing normally. County officials did not specify the exact nature of the attack, whether any data was compromised, or when the closed offices will reopen.
Date: 2026-05-14T12:36:55Z
Network: openweb
Published URL: https://dysruptionhub.com/murray-georgia-cyberattack-offices/
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Murray County
Victim Site: murraycountyga.org
Alleged sale of 1000 webshells by cincau
Category: Initial Access
Content: Threat actor cincau is offering to sell 1000 webshells at a rate of 50 per batch. This represents initial access infrastructure being commercialized for potential compromise of web applications.
Date: 2026-05-14T12:20:22Z
Network: telegram
Published URL: https://t.me/c/3865526389/937
Screenshots:
None
Threat Actors: cincau
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Gmail and LinkedIn credentials with cookies
Category: Logs
Content: Threat actor offering to sell Gmail cookies, LinkedIn cookies paired with passwords, and email:password combinations. No pricing information provided in the post.
Date: 2026-05-14T12:15:29Z
Network: telegram
Published URL: https://t.me/c/2613583520/81360
Screenshots:
None
Threat Actors: best_
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 37,758 lines
Category: Combo List
Content: A threat actor shared a combo list containing 37,758 email:password lines targeting Hotmail accounts. The list was posted on a public cracking forum and appears intended for credential stuffing use.
Date: 2026-05-14T12:13:09Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-37-758-lins-hotmail-combo-list
Screenshots:
None
Threat Actors: ZeroLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Comcast.net combo list with 35,936 credentials
Category: Combo List
Content: A forum user shared a combo list containing 35,936 email:password pairs for comcast.net accounts. The list was posted on a known cracking forum. No additional details about origin or verification status are available.
Date: 2026-05-14T12:12:51Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-35-936-lins-comcast-net-combo-list
Screenshots:
None
Threat Actors: ZeroLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting interia.pl users
Category: Combo List
Content: A threat actor shared a combo list of approximately 22,683 email:password pairs associated with interia.pl accounts. The list was posted on a public cracking forum. No additional details about the origin of the credentials were provided.
Date: 2026-05-14T12:12:35Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-22-683-lins-interia-pl-combo-list
Screenshots:
None
Threat Actors: ZeroLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list sample: mixed mail credentials
Category: Combo List
Content: A threat actor is distributing a free sample of a mixed mail combo list via a Telegram channel. The post advertises a channel offering mix mails, logs, ULP, and checkers. No specific victim organization or record count is identified.
Date: 2026-05-14T12:12:14Z
Network: openweb
Published URL: https://cracked.st/Thread-Private-Hq-Mix-Mails-3
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list sample: mixed mail credentials
Category: Combo List
Content: A threat actor shared a free sample of a mixed mail combo list on a cracking forum, directing users to a Telegram channel advertising mixed mails, logs, ULP credentials, and checkers. No specific victim organization or record count was disclosed.
Date: 2026-05-14T12:11:53Z
Network: openweb
Published URL: https://cracked.st/Thread-Private-Hq-Mix-Mails-6
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list sample — mixed mail credentials
Category: Combo List
Content: A threat actor shared a free sample of mixed mail credentials (combo list) on a cracking forum. The post promotes a Telegram channel offering mix mail, logs, ULP, and checkers. No specific victim organization or record count was identified.
Date: 2026-05-14T12:11:33Z
Network: openweb
Published URL: https://cracked.st/Thread-Private-Hq-Mix-Mails-5
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list sample: mixed mail credentials
Category: Combo List
Content: A threat actor is distributing a free sample of a mixed mail combo list via a Telegram channel. The post advertises access to mixed mail credentials, logs, ULP formats, and checkers through the channel primedatanet.
Date: 2026-05-14T12:11:15Z
Network: openweb
Published URL: https://cracked.st/Thread-Private-Hq-Mix-Mails-4
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Comcast.net email combo list
Category: Combo List
Content: A threat actor is distributing a combo list targeting Comcast.net email accounts on a cybercrime forum. The content is hidden behind a registration or login requirement. No further details regarding record count or data fields are available.
Date: 2026-05-14T12:11:10Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-comcast-net-combo-mail-acess-vip-302243
Screenshots:
None
Threat Actors: GMT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list sample: mixed mail credentials
Category: Combo List
Content: A threat actor is freely distributing a sample mixed mail combo list on a cracking forum. The post advertises a Telegram channel offering mixed mail credentials, logs, ULP (URL:Login:Password) combos, and checkers. No specific victim organization or record count is disclosed.
Date: 2026-05-14T12:10:54Z
Network: openweb
Published URL: https://cracked.st/Thread-Private-Hq-Mix-Mails-1
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting interia.pl mail service
Category: Combo List
Content: A threat actor is offering a combo list marketed as mail access credentials for interia.pl on a cybercrime forum. The content is hidden behind a registration or login wall, limiting visibility into the full scope or record count. This appears to be a credential stuffing list targeting interia.pl email accounts.
Date: 2026-05-14T12:10:39Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-interia-pl-combo-mail-acess-vip-302246
Screenshots:
None
Threat Actors: GMT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list sample — mixed mail credentials
Category: Combo List
Content: A threat actor is distributing a free sample of a mixed mail combo list on a cracking forum, advertising a Telegram channel offering mix mails, logs, ULP combos, and checkers. No specific victim organization or record count is disclosed.
Date: 2026-05-14T12:10:35Z
Network: openweb
Published URL: https://cracked.st/Thread-Private-Hq-Mix-Mails-2
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list available on forum
Category: Combo List
Content: A threat actor is distributing a Hotmail combo list on a cybercrime forum. The content is hidden behind a registration or login requirement, limiting visibility into the record count or data composition. The list is marketed as VIP access credentials for Hotmail accounts.
Date: 2026-05-14T12:10:22Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-hotmail-com-combo-mail-acess-vip-302241
Screenshots:
None
Threat Actors: GMT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting European and German shopping services
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 1,078,106 email and password combinations reportedly targeting European and German shopping platforms. The post is categorized as a credential stuffing resource rather than a breach of any single organization.
Date: 2026-05-14T12:10:15Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-078-106-Lines-%E2%9C%85-Europa-Germany-Shopping-Target
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting Casino services with Hotmail, Yahoo, and Orange credentials
Category: Combo List
Content: A combo list containing 191,812 email:password pairs from Hotmail.fr, Yahoo, and Orange accounts is being distributed, marketed as targeting Casino services for credential stuffing.
Date: 2026-05-14T12:09:56Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-191-812-%E2%9A%9C%EF%B8%8F-hotmail-fr-yahoo-orange-Casino-Target-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 4.2K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 4,200 Hotmail credentials on a cybercrime forum. The content is gated behind registration or login, with engagement incentivized by a like request. This is a credential stuffing resource targeting Hotmail mail access.
Date: 2026-05-14T12:09:49Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-4-2k-hotmail-mail-access-%E2%9C%85-302248
Screenshots:
None
Threat Actors: D47
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list targeting Polish mail services
Category: Combo List
Content: A threat actor shared a combo list of approximately 2,800 Polish mail account credentials, described as mixed mail access. The content is hidden behind a registration/login wall and is marked as private to the poster.
Date: 2026-05-14T12:09:19Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8D%AA2-8k-poland-mail-access-mix%F0%9F%8D%AA%E2%9C%A8-13-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Recruitment for social engineering refund fraud (SE4U) suppliers
Category: Services
Content: A threat actor is recruiting individuals who perform social engineering fraud (SE4U/B4U) to supply consumer goods obtained through refund scams in bulk. The poster offers crypto payment, middleman escrow, and rates of 20-30%+ of eBay resale value for consistent suppliers. The post indicates an intent to build a long-term operation involving fraudulently obtained merchandise across multiple product categories.
Date: 2026-05-14T12:09:10Z
Network: openweb
Published URL: https://patched.to/Thread-diamond-looking-for-people-who-do-se4u-long-term-work
Screenshots:
None
Threat Actors: DarkElysium
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 407 hits shared on forum
Category: Combo List
Content: A threat actor shared a combo list marketed as 407 Hotmail premium hits on a combolist forum. The content is hidden behind a registration or login wall. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-14T12:09:03Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%AD%90407x-hotmail-premium-hits%E2%9C%85%E2%AD%90
Screenshots:
None
Threat Actors: Psyho70244
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Coinbase account checker tool
Category: Combo List
Content: A threat actor is distributing a credential-checking tool targeting Coinbase accounts, marketed as a professional checker with proxy support (HTTP, HTTPS, SOCKS). The tool is designed for credential stuffing against Coinbase user accounts.
Date: 2026-05-14T12:08:35Z
Network: openweb
Published URL: https://nulledbb.com/thread-Coinbase-checker-V1-0-2026
Screenshots:
None
Threat Actors: ZamanX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 5 million mixed IMAP/SMTP combo list
Category: Combo List
Content: A threat actor is offering a mixed IMAP/SMTP combo list reportedly containing 5 million credential pairs, advertised as high quality. The list is available via Telegram, where the seller also promotes free combo and tool distribution channels.
Date: 2026-05-14T12:05:43Z
Network: openweb
Published URL: https://crackingx.com/threads/75235/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mix email combo list with 6,240 records
Category: Combo List
Content: A threat actor shared a mixed email combo list containing 6,240 records on a cracking forum. The post includes a download link with no additional details about the source or composition of the credentials.
Date: 2026-05-14T12:05:19Z
Network: openweb
Published URL: https://crackingx.com/threads/75236/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Redefacement of Skyrise UAE by PH.PU$TURA of Crimsonsec PH
Category: Defacement
Content: The website skyriseuae.com was defaced by threat actor PH.PU$TURA, operating under the group Crimsonsec PH, on May 14, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised and targeted again. The attack appears to be the work of a Philippine-based hacktivist or cybercriminal group with a history of web defacement operations.
Date: 2026-05-14T12:00:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922373
Screenshots:
None
Threat Actors: PH.PU$TURA, Crimsonsec PH
Victim Country: United Arab Emirates
Victim Industry: Real Estate / Construction
Victim Organization: Skyrise UAE
Victim Site: skyriseuae.com
Combo list of 69K Hotmail credentials shared on hacking forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 69,000 Hotmail domain credentials, marketed as valid as of May 14, 2026. The content is gated behind a forum registration or login requirement.
Date: 2026-05-14T11:57:50Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%99%8B-69k-HOTMAIL-DOMAIN-WITH-VALID-14-05-26-%E2%99%8B
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of 320K mix-domain combo list
Category: Logs
Content: A threat actor shared a mix-domain combo list containing approximately 320,000 credentials, marketed as valid as of May 14, 2026. The list was posted on a forum dedicated to mail access and combo lists and is available to registered members.
Date: 2026-05-14T11:54:09Z
Network: openweb
Published URL: https://xforums.st/threads/320k-mix-domain-with-valid-14-05-26.613818/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of verified CashApp and PayPal linkable accounts
Category: Carding
Content: A threat actor is offering verified CashApp and PayPal linkable accounts for sale, marketed as a method to quickly monetize fraudulent accounts. The seller directs interested buyers to a Telegram handle for further details and proof of legitimacy.
Date: 2026-05-14T11:52:20Z
Network: openweb
Published URL: https://altenens.is/threads/verified-cashapp-account-for-linkable-cashapp-and-paypal-linkable-hundred-pointscometfire-this-linkables-are-easy-to-make-quick-cash-for-beginners-i-hope-you-are-b.2939543/unread
Screenshots:
None
Threat Actors: Aq0
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of cncir.eu by XYZ of Alpha Wolf
Category: Defacement
Content: On May 14, 2026, the website cncir.eu was defaced by a threat actor identified as XYZ, operating under the team name Alpha Wolf. The attack targeted a Linux-based server and resulted in a single-page defacement rather than a mass or home page compromise. A mirror of the defaced content has been archived at haxor.id.
Date: 2026-05-14T11:48:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249225
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: European Union
Victim Industry: Unknown
Victim Organization: CNCIR
Victim Site: cncir.eu
Free distribution of URL:Log:Pass combo list with 24.8 million lines
Category: Logs
Content: A threat actor has freely distributed a URL:Log:Pass dataset containing approximately 24.8 million lines across multiple file-sharing platforms. The data appears to be stealer log output containing URLs alongside credentials. No specific victim organization or country is identified.
Date: 2026-05-14T11:46:33Z
Network: openweb
Published URL: https://breached.st/threads/url-log-pass-24-799-285-million-lines-1gb.87100/unread
Screenshots:
None
Threat Actors: Markus7
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of cncir.eu by XYZ (Alpha Wolf Team)
Category: Defacement
Content: On May 14, 2026, the website cncir.eu was defaced by a threat actor known as XYZ, operating under the team name Alpha Wolf. The attack targeted the homepage of the site in a single, targeted defacement operation. No specific motivation or exploitation method was disclosed in the available incident data.
Date: 2026-05-14T11:45:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922372
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: European Union
Victim Industry: Unknown
Victim Organization: CNCIR
Victim Site: cncir.eu
Alleged data breach of Xacria XNO telecommunications platform
Category: Data Leak
Content: A threat actor claims to have breached Xacria XNO (Xacria Network Orchestrator), a carrier-grade network orchestration platform used by telecommunications operators in Italy. The actor alleges the breach exposed client data and has made a download available via a Telegram channel. The post references 271 records.
Date: 2026-05-14T11:45:22Z
Network: openweb
Published URL: https://breached.st/threads/271-xacria-xno-telecommunications-breach-clients.87099/unread
Screenshots:
None
Threat Actors: cc5ab
Victim Country: Italy
Victim Industry: Telecommunications
Victim Organization: Xacria XNO
Victim Site: Unknown
Alleged data breach of Aryaa Money Indian stock trading platform
Category: Data Breach
Content: A threat actor is selling an alleged database from aryaamoney.com, an Indian online stock trading platform, containing over 1.6 million records in the format of FirstName, MobileNo, Password, and UserName. The database is priced at 4,000–5,000 USDT or XMR. The seller claims the ability to verify account authenticity upon purchase.
Date: 2026-05-14T11:40:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Indian-online-stock-website-https-www-aryaamoney-com
Screenshots:
None
Threat Actors: taiwanhacker
Victim Country: India
Victim Industry: Finance
Victim Organization: Aryaa Money
Victim Site: aryaamoney.com
Alleged data leak of Bolivia Ministry of Health and Sports – Bono Juana Azurduy beneficiary registry
Category: Data Leak
Content: A threat actor claims to have extracted 1,154,135 records from the beneficiary registry of the Bono Juana Azurduy maternal health program administered by Bolivias Ministry of Health and Sports. The dataset includes full names, national ID numbers, dates of birth, sex, municipality codes, and beneficiary type per record, distributed as individual JSON files in a ZIP archive. The data has been made available for free download via an external file-sharing link.
Date: 2026-05-14T11:38:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Ministry-of-Health-and-Sports-Bolivia-Bono-Juana-Azurduy-Data-Leak-1M-Records
Screenshots:
None
Threat Actors: konata_izumi_shell
Victim Country: Bolivia
Victim Industry: Government
Victim Organization: Ministry of Health and Sports of Bolivia
Victim Site: minsalud.gob.bo
Alleged data leak of Rockstar Games
Category: Data Leak
Content: A threat actor has shared what they claim is a compressed database dump associated with Rockstar Games, described as approximately one month old. No sample was provided, and the full content is gated behind forum replies or an account upgrade. The nature and contents of the data have not been disclosed.
Date: 2026-05-14T11:38:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Rockstar-Games-COMPRESSED-ZIP-prob-1-month-old
Screenshots:
None
Threat Actors: roulettegun
Victim Country: United States
Victim Industry: Gaming
Victim Organization: Rockstar Games
Victim Site: rockstargames.com
Alleged data breach of Gemini (Google)
Category: Data Breach
Content: A threat actor is selling an alleged database associated with gemini.google.com, comprising approximately 97,000 lines (41MB) for $200. The post includes a paste link described as a sample for verification purposes.
Date: 2026-05-14T11:37:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-DATABASE-GEMINI-GOOGLE-COM
Screenshots:
None
Threat Actors: OxO
Victim Country: United States
Victim Industry: Technology
Victim Organization: Google
Victim Site: gemini.google.com
Sale of HQ Disney combo list
Category: Combo List
Content: A forum user is distributing a combo list marketed as high-quality Disney credentials. The content is hidden behind a registration or login wall, and no further details about record count or data fields are available.
Date: 2026-05-14T11:00:06Z
Network: openweb
Published URL: https://patched.to/Thread-hq-disney-combolist
Screenshots:
None
Threat Actors: ZAMPARA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Google phishing kit with live panel
Category: Phishing
Content: A threat actor is offering a Google-themed phishing kit (scama) featuring a live panel, marketed as a 1:1 replica of legitimate Google pages. The seller advertises bulletproof hosting compatibility and offers custom phishing scripts on request.
Date: 2026-05-14T10:59:59Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F-NEW-Google-2026-Phishing-Scama-Livepanel-BulletProof-1-1-%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Nayfer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Valorant accounts
Category: Combo List
Content: A threat actor is sharing a combo list marketed as SUHQ targeting Valorant accounts. The content is hidden behind a registration or login wall, limiting visibility into record count or data specifics.
Date: 2026-05-14T10:59:44Z
Network: openweb
Published URL: https://patched.to/Thread-suhq-valorant-302206
Screenshots:
None
Threat Actors: ZAMPARA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Fake casino scam service recruiting affiliates for gambling fraud operation
Category: Services
Content: A threat actor operating under Gambling Partners is recruiting affiliates to drive social media traffic into a fake casino scheme. Victims are lured into making deposits, shown fabricated winnings, and subjected to multiple upsell attempts upon withdrawal. Affiliates are offered an 80% revenue share and provided with operational manuals, AI-assisted victim processing, and funnel support.
Date: 2026-05-14T10:59:19Z
Network: openweb
Published URL: https://patched.to/Thread-diamond-fake-casino-80-payout-1700-games-fake-betting-fiat-payment-methods
Screenshots:
None
Threat Actors: TheGambling
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Ubisoft distributed on forum
Category: Combo List
Content: A combo list targeting Ubisoft accounts has been shared on a forum, with content hidden behind a registration or login requirement. No further details about record count or data composition are available from the post.
Date: 2026-05-14T10:59:13Z
Network: openweb
Published URL: https://patched.to/Thread-target-ubisoft-combolist
Screenshots:
None
Threat Actors: ZAMPARA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Valorant account combo list
Category: Combo List
Content: A threat actor is offering for sale a private Valorant-targeted combo list claiming over 400,000 available credentials marketed as fresh with guaranteed hits. A checker tool with source code is also advertised for purchase via a Discord server.
Date: 2026-05-14T10:58:53Z
Network: openweb
Published URL: https://patched.to/Thread-gaming-2350x-valorant-mixed-region-account-combolist
Screenshots:
None
Threat Actors: cdrgod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
United Kingdom Email:Pass Combo List
Category: Combo List
Content: A threat actor shared a combo list of approximately 325,000 email and password pairs allegedly sourced from United Kingdom accounts. The credentials are marketed as fresh and high quality. Access to the content requires registration or login on the forum.
Date: 2026-05-14T10:57:52Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-325-K-%E2%9C%A6-United-Kingdom-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-14-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Vietnam email and password combo list with 95K+ credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 95,000 email and password pairs purportedly sourced from Vietnam. The credentials are marketed as fresh and high quality, dated May 14, 2026. The list is available to registered forum members at no cost.
Date: 2026-05-14T10:57:48Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-95-K-%E2%9C%A6-Vietnam-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-14-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list allegedly containing 95K Vietnamese email and password credentials
Category: Combo List
Content: A threat actor shared a combo list containing approximately 95,000 email and password pairs purportedly from Vietnam, marketed as fresh and high quality. The credentials were made available behind a registration or login wall on a cybercrime forum. The post directs users to a Telegram channel for additional combo lists.
Date: 2026-05-14T10:57:27Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-95-K-%E2%9C%A6-Vietnam-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-14-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of United States email and password credentials
Category: Combo List
Content: A threat actor shared a combo list containing approximately 39,000 email and password credential pairs purportedly sourced from United States users. The credentials are marketed as fresh and high quality, dated May 14, 2026. Access to the list requires registration or login on the forum.
Date: 2026-05-14T10:57:05Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-39-K-%E2%9C%A6-United-States-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-14-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sri Lanka Email:Pass Combo List
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 11,000 email and password pairs purportedly associated with Sri Lanka. The credentials are marketed as fresh and high quality, with a datestamp of May 14, 2026. The content is hosted behind a registration wall on a cybercrime forum.
Date: 2026-05-14T10:56:42Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-11-K-%E2%9C%A6-Sri-Lanka-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-14-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Sri Lanka
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of stealer logs (ULP/Logs/PC) — 3.07 GB
Category: Logs
Content: A threat actor shared 3.07 GB of stealer logs described as fresh and high quality, containing URL:login:password (ULP) combos and PC log data. The content is gated behind forum registration or login and is also promoted via a Telegram channel.
Date: 2026-05-14T10:56:36Z
Network: openweb
Published URL: https://demonforums.net/Thread-Request-%E2%9C%A6%E2%9C%A6-LOG-S-%E2%9C%A6%E2%9C%A6-ULP-LOGS-PC-%E2%9C%A6%E2%9C%A6-3-07-GB-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged compromise of industrial control system at Istanbul factory
Category: Cyber Attack
Content: Threat actor claims to have breached the control screen of a frequency converter operating in a hybrid system at a factory in Istanbul, Turkey. The post includes a photo allegedly showing the compromised interface. The mention of Turkcell Internet suggests the attack may have involved network infrastructure.
Date: 2026-05-14T10:54:55Z
Network: telegram
Published URL: https://t.me/c/3628793212/198
Screenshots:
None
Threat Actors: Armenian code
Victim Country: Turkey
Victim Industry: Manufacturing/Industrial
Victim Organization: Factory in Istanbul
Victim Site: Unknown
Website Defacement of Schungit.com by DimasHxR
Category: Defacement
Content: The website schungit.com was defaced by threat actor DimasHxR on May 14, 2026. The attacker targeted a specific media/upload directory path, suggesting exploitation of a file upload vulnerability or misconfigured permissions within what appears to be a Magento-based e-commerce platform. The incident was a targeted single-site defacement with no team affiliation reported.
Date: 2026-05-14T10:54:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922369
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-Commerce / Retail
Victim Organization: Schungit
Victim Site: schungit.com
Sale of Hotmail combo list with 7.8K credentials
Category: Combo List
Content: A threat actor shared a combo list containing approximately 7,800 Hotmail email and password pairs on a cybercrime forum. The credentials are formatted as email:password and are likely intended for credential stuffing use.
Date: 2026-05-14T10:50:54Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-7-8K-Hotmail-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list of 320 credentials
Category: Combo List
Content: A threat actor shared a combo list of 320 alleged UHQ Hotmail credentials on a cracking forum. The file was made available for a limited time window of 3 hours before removal. The actor directed users to a Telegram backup channel for continued access.
Date: 2026-05-14T10:48:09Z
Network: openweb
Published URL: https://crackingx.com/threads/75227/
Screenshots:
None
Threat Actors: Haydayx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of mixed mail credentials targeting Polish and Italian accounts
Category: Combo List
Content: A threat actor has shared a combo list containing 4,644 lines of mixed mail access credentials targeting Polish and Italian accounts. The list is made available for free download on a cracking forum.
Date: 2026-05-14T10:47:51Z
Network: openweb
Published URL: https://crackingx.com/threads/75228/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List sample of Hotmail credentials shared freely
Category: Combo List
Content: A threat actor shared a sample combo list of 890 Hotmail credentials on a cracking forum. The post provides a download link for the credential samples, which appear to be intended for credential stuffing or account takeover purposes.
Date: 2026-05-14T10:47:32Z
Network: openweb
Published URL: https://crackingx.com/threads/75229/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed unique combo list with 38,000 credentials
Category: Combo List
Content: A forum user on CrackingX is sharing a mixed unique combo list containing approximately 38,000 credential pairs. The content is gated behind account registration or login, limiting visibility into specific details. No target service or breach source is identified in the available post metadata.
Date: 2026-05-14T10:47:13Z
Network: openweb
Published URL: https://crackingx.com/threads/75232/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Custom software development and engineering services offered on cracking forum
Category: Services
Content: A forum user is advertising custom software engineering and full-stack development services including FinTech platforms, automation bots, data extractors, and mobile applications. The seller offers to work via escrow or forum guarantor and can be contacted via Telegram. No specific victim or threat activity is involved.
Date: 2026-05-14T10:45:33Z
Network: openweb
Published URL: https://crackingx.com/threads/75230/
Screenshots:
None
Threat Actors: errorcorer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list of 70K credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 70,000 Hotmail credentials via Pasteview. The credentials are marketed as high quality and were made available for free on the forum.
Date: 2026-05-14T10:40:16Z
Network: openweb
Published URL: https://altenens.is/threads/70k-hq-hotmail-txt.2939527/unread
Screenshots:
None
Threat Actors: Vekko
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 14,000 HQ mail access credentials
Category: Logs
Content: A threat actor is offering 14,000 high-quality mail access credentials on a cybercrime forum. The content is behind a registration gate, limiting further detail. The post is categorized as mail access valids, suggesting verified email account credentials.
Date: 2026-05-14T10:35:45Z
Network: openweb
Published URL: https://xforums.st/threads/14k-hq-mail-access-valids.613815/
Screenshots:
None
Threat Actors: VegaMoon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of InMajorCity India
Category: Data Leak
Content: A threat actor affiliated with Cyber Team Indonesia has leaked a database allegedly belonging to InMajorCity, an Indian website. The data is being distributed freely via a MediaFire download link.
Date: 2026-05-14T10:33:40Z
Network: openweb
Published URL: https://breached.st/threads/leaks-database-inmajorcity-indian.87098/unread
Screenshots:
None
Threat Actors: MR ELANG XPLOIT
Victim Country: India
Victim Industry: Unknown
Victim Organization: InMajorCity
Victim Site: inmajorcity.in
Alleged sale of stolen mailbox access and credential database across multiple countries
Category: Logs
Content: Threat actor offering full access to mailbox credentials and cookies database covering UK, DE, JP, NL, BR, PL, ES, US, IT and other countries. Advertises inbox searching capability filtered by keywords targeting popular platforms including eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Mercari, Kleinanzeigen, Neosurf, Amazon, and ntlworld webmails. Claims to operate private cloud infrastructure with valid webmail access.
Date: 2026-05-14T10:29:16Z
Network: telegram
Published URL: https://t.me/c/2613583520/81286
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
Victim Industry: Multiple (e-commerce, gaming, travel, payment services)
Victim Organization: Unknown
Victim Site: Unknown
Sale of 1 million alleged valid crypto/forex leads targeting United States
Category: Data Breach
Content: A threat actor is offering for sale a dataset claimed to contain 1 million valid crypto and forex leads from the United States. A sample is provided via an external paste link, and interested buyers are directed to negotiate pricing via Telegram. The source organization of the data is not disclosed.
Date: 2026-05-14T10:27:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-1M-VALID-CRYPTO-FOREX-USA-LEADS
Screenshots:
None
Threat Actors: OxO
Victim Country: United States
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Sale of 126 Israeli passport documents
Category: Carding
Content: A threat actor is offering 126 Israeli passport documents for sale, directing interested buyers to a Telegram contact for pricing. No further details regarding the source or contents of the documents are provided in the post.
Date: 2026-05-14T10:26:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-126-Israel-passports
Screenshots:
None
Threat Actors: OxO
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged defacement of STIE Jayakusuma subdomains by m4ul1337
Category: Defacement
Content: Multiple subdomains of stiejayakusuma.ac.id have been allegedly defaced by threat actor m4ul1337. Affected domains include pmb, repository, tracerstudy, jurnal, and journal subdomains. Defacement claim posted with photo evidence.
Date: 2026-05-14T10:18:00Z
Network: telegram
Published URL: https://t.me/Maulnism1337/1737
Screenshots:
None
Threat Actors: m4ul1337
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STIE Jayakusuma
Victim Site: stiejayakusuma.ac.id
Alleged DDoS stresser service Deepstresser offering Layer 4/7 attack capabilities
Category: Malware
Content: Deepstresser 1.0.4 is being advertised as a Layer 4/7 DDoS stresser service with SYN retransmission bypass methods targeting major protection systems (Cloudflare, OVH, Hetzner, Amazon, Akamai). The service offers custom attack packages with pricing starting at $10 per concurrent for basic plans and $20 for premium plans. Website: deepstresser.su
Date: 2026-05-14T09:50:18Z
Network: telegram
Published URL: https://t.me/c/1669509146/98380
Screenshots:
None
Threat Actors: Deepstresser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 705 Hotmail email and password pairs on a public forum. The credentials are described as old data and are marketed for mail access. No price is mentioned, suggesting the list was distributed freely.
Date: 2026-05-14T09:48:31Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8X705-HOTMAIL-MAIL-ACCESS%E2%9C%A8-13-05
Screenshots:
None
Threat Actors: SecureTrax
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed domain combo list targeting shopping services
Category: Combo List
Content: A combo list of approximately 984,169 email:password credentials is being shared, described as mixed domain and targeting shopping services. The post does not attribute the credentials to a specific breached organization.
Date: 2026-05-14T09:48:12Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-984-169-Mixed-Domain-Shopping-target
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Sale of EDU private combo list
Category: Combo List
Content: A threat actor is offering a private combo list targeting educational institutions. The post contains no additional details regarding record count, origin, or pricing.
Date: 2026-05-14T09:47:52Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-EDU-PR%C4%B0VATE-COMBOL%C4%B0ST–2093626
Screenshots:
None
Threat Actors: RobotxTR
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor shared a combo list of 910 Hotmail email and password pairs on a criminal forum. The credentials are being distributed for free and are marketed for mail access. The named service is a credential-stuffing target, not the breach victim.
Date: 2026-05-14T09:47:28Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8X910-HOTMAIL-MAIL-ACCESS%E2%9C%A8-13-05
Screenshots:
None
Threat Actors: SecureTrax
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor shared a combo list of 1,448 Hotmail email:password credentials on a cracking forum. The post includes an image link as proof and the credentials are marketed as valid hits dated May 14, 2026.
Date: 2026-05-14T09:46:58Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-448-Good-HOTMAIL-GOODS-14-05-26
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Valorant combo list
Category: Combo List
Content: A threat actor is offering a combo list marketed as high-quality (SUHQ) Valorant credentials. The post appears to contain no additional details beyond the thread title, which indicates user:pass format targeting Valorant accounts.
Date: 2026-05-14T09:46:36Z
Network: openweb
Published URL: https://cracked.st/Thread-User-Pass-SUHQ-VALORANT-PRIVATE–2093637
Screenshots:
None
Threat Actors: RobotxTR
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Unknown
Victim Site: Unknown
Sale of URL:Log:Pass credential cloud service with claimed 12 billion antipublic lines
Category: Services
Content: A threat actor operating under the alias Plutonium is selling subscription-based access to a private URL:LOG:PASS credential cloud service, advertised as containing approximately 12 billion antipublic lines sourced from leaked logs, paid traffic, and private sources. The service claims to offer fresh, deduplicated credentials with multiple weekly updates of up to 500 million lines per month. Pricing ranges from $350 per month to $5,000 for a lifetime subscription.
Date: 2026-05-14T09:46:13Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-NEW-URL-LOG-PASS-CLOUD-%E2%98%A2%EF%B8%8FPLUTONIUM-%E2%98%A2%EF%B8%8FTOXIC-PRODUCT
Screenshots:
None
Threat Actors: seaborg_p
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted account upgrades for multiple SaaS platforms
Category: Services
Content: A forum member is advertising discounted personal account upgrades for various SaaS platforms including ElevenLabs, Canva Pro, Replit, Supabase, and others at up to 50% off. The seller claims accounts are personal with no shared access and offers full warranty and 24/7 support. The post does not specify the method of acquisition for these upgraded accounts.
Date: 2026-05-14T09:46:06Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-ElevenLabs-Manus-Lovable-Supabase-Framer-Canva-Replit-Factory-%E2%AD%90-Cheap-%E2%AD%90
Screenshots:
None
Threat Actors: BjornIronSide
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Instagram account unban and shadowban removal service offered on cracking forum
Category: Services
Content: A threat actor operating under the alias MetaSolution is advertising an Instagram account unban and shadowban removal service on a cracking forum. The service claims to recover banned accounts within 0–24 hours for a flat fee starting at $1,300. Contact is directed via a Telegram group and direct message handle.
Date: 2026-05-14T09:45:49Z
Network: openweb
Published URL: https://cracked.st/Thread-Instagram-Unbans-via-rep-and-manual
Screenshots:
None
Threat Actors: MetaSolution
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
WhatsApp number lookup service offering real contact details
Category: Services
Content: A threat actor is advertising a human-based WhatsApp lookup service for $350 per query, claiming to provide real contact details associated with a given WhatsApp number. The service is described as representative-assisted with a turnaround time of 0–24 hours and internal screenshots provided as proof.
Date: 2026-05-14T09:45:38Z
Network: openweb
Published URL: https://patched.to/Thread-whatsapp-lookup-service
Screenshots:
None
Threat Actors: RepsMedia
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:Log:Pass combo list with 8+ million lines
Category: Combo List
Content: A threat actor on a cybercrime forum is distributing a URL:Log:Pass combo list containing over 8 million lines, shared as part of an ongoing free release series (part 339). The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-14T09:45:17Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-339
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Instagram and Facebook account lookup service
Category: Services
Content: A threat actor is advertising a paid lookup service for Instagram and Facebook accounts, claiming to retrieve personal information such as registration location, phone number, and email, as well as private posts and stories. The service is offered at a flat rate of $350 and reportedly works on both active and banned accounts. Contact is provided via Telegram.
Date: 2026-05-14T09:45:08Z
Network: openweb
Published URL: https://patched.to/Thread-instagram-facebook-lookup-service
Screenshots:
None
Threat Actors: RepsMedia
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 1,448 credential hits
Category: Combo List
Content: A threat actor identified as D4rkNetHub is distributing a combo list containing 1,448 credentials marketed as valid Hotmail account hits. The content is gated behind forum registration or login. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-14T09:44:45Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1-448-good-hotmail-goods-d4rknethub-cloud-14-05-26
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1,300 Hotmail email credentials, marketed as fully valid. The content is hidden behind a forum registration or login wall.
Date: 2026-05-14T09:43:51Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%9C%A8%E2%9A%9C%EF%B8%8FX1300-HOTMAIL-MAIL-ACCESS-FULL-Vaild-%E2%9A%9C%EF%B8%8F%E2%9C%A8-14-05
Screenshots:
None
Threat Actors: HOTMAILPR0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of banking credential brute-force tool targeting ANZ and other financial institutions
Category: Malware
Content: A threat actor is distributing a banking credential brute-force tool advertised as targeting online banking platforms, including ANZ. The tool reportedly combines brute-force capabilities with banking-specific features designed to evade detection and comes pre-configured for specific financial institutions.
Date: 2026-05-14T09:43:09Z
Network: openweb
Published URL: https://demonforums.net/Thread-ANZ-COM-Bank-Brute-2025
Screenshots:
None
Threat Actors: BrookMax
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: anz.com
Alleged leak of OPEC Thailand credentials
Category: Data Leak
Content: Credentials (username: 1186100022, password: 1186100022) for https://edoc.opec.go.th/ allegedly leaked and shared in Blue Shadow channel
Date: 2026-05-14T09:41:35Z
Network: telegram
Published URL: https://t.me/ZxS3xx/357
Screenshots:
None
Threat Actors: ZxS3C🪬
Victim Country: Thailand
Victim Industry: Government
Victim Organization: OPEC Thailand
Victim Site: edoc.opec.go.th
Website Defacement of Amortheluxe by Terror of Nullsec Philippines
Category: Defacement
Content: On May 14, 2026, a threat actor known as Terror affiliated with the group Nullsec Philippines defaced a page on amortheluxe.com, a likely luxury goods or fashion-related website. The incident was a targeted single-page defacement, not classified as a mass or home page defacement. The attack was recorded and mirrored by zone-xsec.com under mirror ID 922331.
Date: 2026-05-14T09:40:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922331
Screenshots:
None
Threat Actors: Terror, Nullsec Philippines
Victim Country: Unknown
Victim Industry: Retail/Luxury Goods
Victim Organization: Amorthe Luxe
Victim Site: amortheluxe.com
Alleged collection of large database dumps leaked
Category: Data Leak
Content: A threat actor shared a collection of large databases on a forum, distributing them freely. No specific organizations, record counts, or data types were identified in the post.
Date: 2026-05-14T09:40:11Z
Network: openweb
Published URL: https://xforums.st/threads/collection-of-big-db.613812/
Screenshots:
None
Threat Actors: waghawaka
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Aashray RMF by Terror of Nullsec Philippines
Category: Defacement
Content: On May 14, 2026, a threat actor known as Terror affiliated with the hacktivist group Nullsec Philippines defaced the website aashrayrmf.com, targeting a page at /qui.html. The attack was a single-page defacement and does not appear to be part of a mass or repeated defacement campaign. The organization, likely associated with financial or microfinance services based on the domain name, had its web content replaced by the attackers.
Date: 2026-05-14T09:38:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922334
Screenshots:
None
Threat Actors: Terror, Nullsec Philippines
Victim Country: India
Victim Industry: Financial Services
Victim Organization: Aashray RMF
Victim Site: aashrayrmf.com
Website Defacement of 24×7 Care Foundation by Terror (Nullsec Philippines)
Category: Defacement
Content: A threat actor known as Terror, affiliated with the hacktivist group Nullsec Philippines, defaced a page on the website of 24×7 Care Foundation on May 14, 2026. The attack targeted a non-home page of the organizations website, suggesting a targeted single-page defacement rather than a full site compromise. No specific motivation or technical details were disclosed for this incident.
Date: 2026-05-14T09:37:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922336
Screenshots:
None
Threat Actors: Terror, Nullsec Philippines
Victim Country: Unknown
Victim Industry: Non-Profit / Healthcare
Victim Organization: 24×7 Care Foundation
Victim Site: 24x7carefoundation.org
Free distribution of URL:Login:Pass stealer log dataset with 18.5 million lines
Category: Logs
Content: A threat actor on BreachForums shared a stealer log dataset containing approximately 18.5 million lines in URL:Login:Pass format, totaling approximately 1GB. The content is hidden behind a registration or login requirement. No specific victim organization or sector is identified.
Date: 2026-05-14T09:37:29Z
Network: openweb
Published URL: https://breachforums.rs/Thread-URL-LOGIN-PASS-Url-Log-Pass-18-598-668-M%C4%B1ll%C4%B1on-L%C4%B1nes-1gb
Screenshots:
None
Threat Actors: Marat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Release of URL:Login:Pass stealer log dump containing approximately 24.9 million lines
Category: Logs
Content: A threat actor shared a stealer log dump containing approximately 24,919,692 lines of URL:login:password combinations totaling 1GB in size. The content is hidden behind a registration or login requirement on the forum. No specific victim organization or sector is identified.
Date: 2026-05-14T09:37:07Z
Network: openweb
Published URL: https://breachforums.rs/Thread-URL-LOGIN-PASS-Url-Log-Pass-24-919-692-M%C4%B1ll%C4%B1on-L%C4%B1nes-1gb
Screenshots:
None
Threat Actors: Marat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of AICDA by Terror of Nullsec Philippines
Category: Defacement
Content: A threat actor operating under the alias Terror, affiliated with the hacktivist group Nullsec Philippines, defaced a page on the Indian website aicda.in on May 14, 2026. The attack targeted a specific subpage (qui.html) and was neither a mass defacement nor a redefacement. The incident has been archived via zone-xsec.com for forensic reference.
Date: 2026-05-14T09:36:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922332
Screenshots:
None
Threat Actors: Terror, Nullsec Philippines
Victim Country: India
Victim Industry: Unknown
Victim Organization: AICDA
Victim Site: aicda.in
Website Defacement of Dadi Cabinets by Terror (Nullsec Philippines)
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias Terror and affiliated with the group Nullsec Philippines defaced a page on dadicabinets.com, a website associated with a cabinets or home furnishings business. The attack was a targeted single-page defacement rather than a mass or home page defacement. No specific motivation or server details were disclosed.
Date: 2026-05-14T09:35:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922328
Screenshots:
None
Threat Actors: Terror, Nullsec Philippines
Victim Country: Unknown
Victim Industry: Retail / Home Furnishings
Victim Organization: Dadi Cabinets
Victim Site: dadicabinets.com
Sale of 4 million Yahoo and Mail.com email combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 4 million credentials targeting Yahoo and Mail.com email accounts, marketed as a premium collection. The actor promotes access via Telegram channels offering free combos and tools.
Date: 2026-05-14T09:35:09Z
Network: openweb
Published URL: https://crackingx.com/threads/75224/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 5,000 Japan mail access credentials
Category: Combo List
Content: A threat actor shared a Mega.nz link purportedly containing 5,000 Japanese email account credentials. The post was made in a combolists and dumps forum section, suggesting the credentials are intended for account access or credential stuffing.
Date: 2026-05-14T09:34:50Z
Network: openweb
Published URL: https://crackingx.com/threads/75225/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting Web.de with 6.9K email/password pairs
Category: Combo List
Content: A combo list containing approximately 6,900 Web.de email and password pairs has been posted on a cybercrime forum. The credentials are formatted as email:password pairs and are likely intended for credential stuffing purposes.
Date: 2026-05-14T09:31:51Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-6-9K-Web-de-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting aruba.it with 7K email/password credentials
Category: Combo List
Content: A threat actor shared a combo list containing approximately 7,000 email and password pairs associated with aruba.it accounts. The content is gated behind forum registration or login. This list appears intended for credential stuffing purposes.
Date: 2026-05-14T09:30:26Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-7K-aruba-it-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting fastweb.it with 7K email/password pairs
Category: Combo List
Content: A threat actor shared a combo list containing approximately 7,000 email and password pairs associated with fastweb.it accounts. The content is gated behind registration or login on the forum. This appears to be a credential stuffing list targeting Fastweb users rather than evidence of a direct breach of Fastwebs infrastructure.
Date: 2026-05-14T09:30:02Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-7K-fastweb-it-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Shivansh Constructions by Terror (Nullsec Philippines)
Category: Defacement
Content: On May 14, 2026, a threat actor known as Terror, affiliated with the hacktivist group Nullsec Philippines, defaced the website of Shivansh Constructions, an Indian construction company. The attack was a targeted single-site defacement rather than a mass or home page defacement. No specific motive or server details were disclosed in the incident report.
Date: 2026-05-14T09:29:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922327
Screenshots:
None
Threat Actors: Terror, Nullsec Philippines
Victim Country: India
Victim Industry: Construction
Victim Organization: Shivansh Constructions
Victim Site: shivanshconstructions.com
Combo List: Mixed unique credentials (38,000 records)
Category: Logs
Content: A threat actor has shared a mixed unique combo list containing approximately 38,000 credential pairs on a cybercrime forum. The post provides minimal detail beyond the record count and mixed nature of the credentials.
Date: 2026-05-14T09:24:45Z
Network: openweb
Published URL: https://xforums.st/threads/mix-unique-combo_2_38000.613813/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Fortnite account checker and locker scanner tool
Category: Combo List
Content: A threat actor is distributing a free Fortnite account checker tool capable of validating credentials, scanning in-game inventories, detecting VBucks balances, Battle Pass tiers, 2FA status, and account creation dates. The tool supports proxy configurations to avoid IP bans and is designed for credential stuffing against Fortnite accounts. Access to the download link requires forum engagement.
Date: 2026-05-14T09:20:16Z
Network: openweb
Published URL: https://altenens.is/threads/video-game-free-fortnite-account-checker-locker-scanner.2939482/unread
Screenshots:
None
Threat Actors: lionelme1011
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged defacement of Prim Ferry Tattoo Studio blogger site
Category: Defacement
Content: A threat actor shared the HTML source code of a Blogger-hosted website belonging to Prim Ferry Tattoo Studio, a tattoo studio based in Batam, Indonesia. The post appears to be associated with a defacement or unauthorized modification of the site. No specific data exfiltration is claimed.
Date: 2026-05-14T09:16:57Z
Network: openweb
Published URL: https://breached.st/threads/script-blogger-to-prim-ferry-tattoo-studio-batam.87096/unread
Screenshots:
None
Threat Actors: mr999x
Victim Country: Indonesia
Victim Industry: Retail
Victim Organization: Prim Ferry Tattoo Studio
Victim Site: primferryta2.blogspot.com
Alleged data breach of Telegram with 30 million user records for sale
Category: Data Breach
Content: A threat actor is selling an alleged database of 30 million Telegram users. A sample paste is provided as proof, with the full dataset advertised for sale via a Telegram channel.
Date: 2026-05-14T09:10:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-30M-DATABASE-USERS-TELEGRAM
Screenshots:
None
Threat Actors: OxO
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Telegram
Victim Site: telegram.org
Website Defacement of Biopurus by DimasHxR
Category: Defacement
Content: On May 14, 2026, the attacker known as DimasHxR defaced a page on the Biopurus website, a UK-based health and wellness e-commerce platform. The defacement targeted a non-homepage URL within the sites media directory, suggesting a targeted file upload or directory traversal exploitation. The incident was a single, non-mass defacement with no attributed team affiliation.
Date: 2026-05-14T09:06:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922317
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Health & Wellness / E-commerce
Victim Organization: Biopurus
Victim Site: www.biopurus.co.uk
Alleged sale of Indonesian citizen data with 81 million records
Category: Data Breach
Content: A threat actor is selling an alleged dataset of Indonesian citizen data comprising 81 million records for $1,000. A sample file is provided via an anonymous file-sharing link. The breached organization or source of the data is not specified in the post.
Date: 2026-05-14T09:03:01Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-indonesia-citizen-data-81m-records
Screenshots:
None
Threat Actors: Kim1000P
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
DimasHxR defaced www.biopurus.co.uk/pub/media/c…
Category: Defacement
Content: Target: www.biopurus.co.uk/pub/media/c…Attacker: DimasHxRDate: 2026-05-14 15:50:32
Date: 2026-05-14T09:00:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922317
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: www.biopurus.co.uk/pub/media/c…
Website Defacement of Vine House Farm by DimasHxR
Category: Defacement
Content: On May 14, 2026, the threat actor DimasHxR defaced a page on vinehousefarm.co.uk, a UK-based wildlife and bird food supplier. The attack targeted a subdirectory of the site rather than the homepage and was carried out as a single, targeted defacement rather than a mass or repeat attack. No team affiliation, specific motive, or technical details about the server environment were disclosed.
Date: 2026-05-14T08:58:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922316
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Agriculture / Retail
Victim Organization: Vine House Farm
Victim Site: vinehousefarm.co.uk
Alleged data breach of jifen360.com
Category: Data Breach
Content: A threat actor is offering for sale an alleged database dump from jifen360.com, a Chinese marketing/loyalty service platform, for $1,000. The dataset reportedly contains approximately 150,000 records including full names, phone numbers, and national ID card numbers. Sample data includes structured membership records with member IDs, loyalty mile balances, and account timestamps.
Date: 2026-05-14T08:57:54Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-CHINA-150K-data-marketing-service-jifen360-com
Screenshots:
None
Threat Actors: faoced
Victim Country: China
Victim Industry: Retail
Victim Organization: Jifen360
Victim Site: jifen360.com
Combo list allegedly originating from China with 137K lines
Category: Combo List
Content: A threat actor is offering a combo list of 137,000 email:password pairs, claimed to originate from China and associated with the domain japanese-edu.org.hk. The credentials are presented in plaintext format and span multiple email providers including Yahoo, Gmail, and Hotmail. The post includes a sample of credentials and indicates a sale via contact in the authors signature.
Date: 2026-05-14T08:57:14Z
Network: openweb
Published URL: https://pwnforums.st/Thread-CHINA-www-japanese-edu-org-hk-combo-list-137k-lines
Screenshots:
None
Threat Actors: Tink3rTech
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of World Vision Program Store by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor identified as DimasHxR defaced the website of World Vision Program Store. The incident was a targeted single-site defacement with no team affiliation reported. No specific motive or server details were disclosed in connection with the attack.
Date: 2026-05-14T08:56:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922319
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Non-Profit Programs
Victim Organization: World Vision Program Store
Victim Site: www.worldvisionprogramstore.co
Free combo list distribution on PwnForums
Category: Combo List
Content: A threat actor on PwnForums is freely distributing two URL:Login:Password (ULP) combo lists scraped from stealer logs. No record count or targeted service is specified.
Date: 2026-05-14T08:54:50Z
Network: openweb
Published URL: https://pwnforums.st/Thread-New-Scrape-DB-from-Logs-ULP
Screenshots:
None
Threat Actors: domainbreachkaduu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of data and source files allegedly exfiltrated from KRIA S.r.l. traffic enforcement systems
Category: Data Breach
Content: A threat actor is selling 2.03 GB of data allegedly stolen from KRIA S.r.l., an Italian traffic enforcement technology company. The offering includes source and installation files for T-EXSPEED and T-REDSPEED software, a complete MySQL database containing speed and red-light violation records, license plate data, and associated photos and videos from Italian municipal projects. Additional materials include server credentials, hardware configurations, camera calibration files, and technical docum
Date: 2026-05-14T08:53:08Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DOCUMENTS-KRIA-T-EXSPEED-T-REDSPEED
Screenshots:
None
Threat Actors: prtsc
Victim Country: Italy
Victim Industry: Government
Victim Organization: KRIA S.r.l.
Victim Site: Unknown
Alleged sale of stolen email credentials and browser cookies across multiple countries
Category: Logs
Content: Threat actor liyu is offering for sale access to stolen email credentials (mailpass) and cookies from multiple countries including UK, Germany, Japan, Netherlands, Brazil, Poland, Spain, US, and Italy. The offer includes access to compromised accounts on major platforms including eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Mercari, Neosurf, Amazon, and Kleinanzeigen. The seller claims to operate a private cloud infrastructure and offers keyword-based inbox searching capabilities.
Date: 2026-05-14T08:51:49Z
Network: telegram
Published URL: https://t.me/c/2613583520/81255
Screenshots:
None
Threat Actors: liyu
Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
Victim Industry: Multiple (e-commerce, gaming, travel, financial services)
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of fresh credential combo list (ULP format)
Category: Combo List
Content: A threat actor is distributing a combo list described as fresh scraped credentials in URL:Login:Password (ULP) format on a public forum. The content is gated behind a reply requirement. No specific victim organization or record count is disclosed.
Date: 2026-05-14T08:51:19Z
Network: openweb
Published URL: https://pwnforums.st/Thread-FRESH-Credentials-ULP
Screenshots:
None
Threat Actors: domainbreachkaduu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged full infrastructure access to CoreWeave GPU Cloud
Category: Initial Access
Content: A threat actor claims to have obtained full infrastructure access to CoreWeave GPU Cloud, including root shells on internal notebook servers, permanent and temporary IAM keys, Grafana admin access, Kubernetes and CI/CD pipeline access, and S3/EBS storage containing purported personal and financial records. The actor states SSH keys and backdoor users were deployed for long-term persistence. The actor acknowledges uncertainty about whether the access is legitimate or a honeypot, as no authenticat
Date: 2026-05-14T08:49:46Z
Network: openweb
Published URL: https://pwnforums.st/Thread-COLLECTION-CoreWeave-%E2%80%94-Full-Infrastructure-Access-Unverified
Screenshots:
None
Threat Actors: macaroni
Victim Country: United States
Victim Industry: Technology
Victim Organization: CoreWeave
Victim Site: coreweave.com
Alleged data breach of QIP (Quiet Internet Pager)
Category: Data Leak
Content: A threat actor has leaked an SQL dump allegedly originating from a 2011 data breach of the Russian instant messaging service QIP (qip.ru), attributed to the actor [email protected]. The dataset, approximately 4.86 GB decompressed, contains an estimated 33,380,559 records including usernames, email addresses, phone numbers, plaintext passwords, and website activity. The data was shared freely within the forums community bounty program.
Date: 2026-05-14T08:47:05Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Quiet-Internet-Pager-qip-ru-2011-06-03-33-38M-Users
Screenshots:
None
Threat Actors: thelastwhitehat
Victim Country: Russia
Victim Industry: Technology
Victim Organization: QIP (Quiet Internet Pager)
Victim Site: qip.ru
Alleged data leak of Rite Aid customer records by RansomHub ransomware group
Category: Data Leak
Content: A threat actor has freely shared a dataset attributed to a June 2024 breach of U.S. drugstore chain Rite Aid, allegedly conducted by the RansomHub ransomware group. The leaked data purportedly contains 12,316,882 records spanning June 2017 to July 2018, including full names, physical addresses, dates of birth, and drivers license numbers. Sample records indicate affected individuals across multiple U.S. states including California, Washington, Virginia, and Utah.
Date: 2026-05-14T08:45:19Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Rite-Aid-riteaid-com-2024-06-06-12-31M
Screenshots:
None
Threat Actors: thelastwhitehat
Victim Country: United States
Victim Industry: Retail
Victim Organization: Rite Aid
Victim Site: riteaid.com
Website Defacement of dvtest.com by DimasHxR
Category: Defacement
Content: On May 14, 2026, threat actor DimasHxR defaced a subdirectory of dvtest.com, targeting the public media customer path. The attacker operated independently without a team affiliation. The incident was a targeted single-page defacement with no mass or repeat defacement indicators recorded.
Date: 2026-05-14T08:44:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922281
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: DV Test
Victim Site: dvtest.com
Alleged data leak of Burger King Russia (burgerkingrus.ru)
Category: Data Leak
Content: A threat actor has freely shared a dataset allegedly sourced from the Russian branch of Burger King, operating via burgerkingrus.ru. The leaked CSV file (781MB) contains approximately 5.6 million records including phone numbers, email addresses, full names, birthdates, gender, physical addresses, loyalty segment data, and account confirmation status. Sample records indicate the data relates to customer loyalty and delivery service accounts.
Date: 2026-05-14T08:43:22Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Russian-Burger-King-leak
Screenshots:
None
Threat Actors: purplepancake49
Victim Country: Russia
Victim Industry: Food & Beverage
Victim Organization: Burger King Russia
Victim Site: burgerkingrus.ru
Website Defacement of aescripts.com by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor identified as DimasHxR defaced a media/customer directory page on aescripts.com, a platform specializing in Adobe After Effects scripts and plugins. The attack was a targeted single-page defacement and was not part of a mass or repeated defacement campaign. No team affiliation, specific motive, or server details were disclosed.
Date: 2026-05-14T08:43:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922280
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Software / Digital Media Tools
Victim Organization: aescripts + aeplugins
Victim Site: aescripts.com
Alleged data breach of Cybertek
Category: Data Breach
Content: A threat actor is offering a database allegedly belonging to cybertek.fr, a French electronics retailer, containing approximately 200,000 records spanning 2002 to 2024. The content is gated behind a points paywall on the forum. No sample or headers were included in the visible post.
Date: 2026-05-14T08:41:16Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-cybertek-fr-200K-2002-2024
Screenshots:
None
Threat Actors: jeanlouis
Victim Country: France
Victim Industry: Retail
Victim Organization: Cybertek
Victim Site: cybertek.fr
Alleged data leak of Boomlab Agency (Portugal)
Category: Data Leak
Content: A threat actor has leaked multiple CSV files allegedly originating from Boomlab Agency, a Portuguese commercial and sales consulting company. The dump includes tables related to accounts, clients, leads, users, documents, sales analysis, and communications. The data is being made available freely on the forum behind a reply gate.
Date: 2026-05-14T08:39:19Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Portugal-Commercial-Sales-consulting-company-database
Screenshots:
None
Threat Actors: Kurd
Victim Country: Portugal
Victim Industry: Professional Services
Victim Organization: Boomlab Agency
Victim Site: boomlab.agency
Alleged data leak of Virginia Department of Wildlife Resources
Category: Data Leak
Content: A threat actor has freely leaked a dataset allegedly belonging to the Virginia Department of Wildlife Resources (DWR), containing 286,620 records. Compromised fields include full names, Social Security numbers, dates of birth, gender, ethnicity, contact information, and hunting/fishing license history. Sample records with SSNs and personal identifiers were included in the post to substantiate the claim.
Date: 2026-05-14T08:36:12Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Virginia-Department-of-Wildlife-Resources-Leaked-Download
Screenshots:
None
Threat Actors: w1kkid
Victim Country: United States
Victim Industry: Government
Victim Organization: Virginia Department of Wildlife Resources
Victim Site: va.gov
Alleged data leak of cistes.net (156K records)
Category: Data Leak
Content: A threat actor has shared an alleged database dump from cistes.net, a French website, containing 156,506 records dated 2019. The dataset includes email addresses, passwords, and telephone numbers in CSV format. Access to the download is gated behind a forum points requirement.
Date: 2026-05-14T08:32:59Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-FR-cistes-net-156k-2019
Screenshots:
None
Threat Actors: jeanlouis
Victim Country: France
Victim Industry: Unknown
Victim Organization: cistes.net
Victim Site: cistes.net
Alleged data leak of thmanyah.com
Category: Data Leak
Content: A threat actor has made available data allegedly from a May 2026 breach of thmanyah.com, a Saudi Arabian media platform. The leaked dataset purportedly contains 107,084 subscriber email addresses and a Bitmovin license key. The data is distributed via a points-gated download link on the forum.
Date: 2026-05-14T08:30:37Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-SA-thmanyah-com-Leaked-Download
Screenshots:
None
Threat Actors: lulzintel
Victim Country: Saudi Arabia
Victim Industry: Media
Victim Organization: Thmanyah
Victim Site: thmanyah.com
Alleged leak of 10,000 credit card records
Category: Data Leak
Content: Threat actor shared a link to pixeldrain.com containing 10,000 credit card records, made available for free download.
Date: 2026-05-14T08:28:22Z
Network: telegram
Published URL: https://t.me/c/2613583520/81246
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Pierre Hermé by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 14, 2026, the attacker azraelzer0d4y, operating under the team b1ohaz4rd, defaced a media/customer subdirectory page on the website of Pierre Hermé, the renowned French luxury pastry brand. The incident was a targeted single-page defacement rather than a mass or home page attack. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-05-14T08:25:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922255
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: France
Victim Industry: Food & Beverage / Luxury Confectionery
Victim Organization: Pierre Hermé
Victim Site: www.pierreherme.com
Alleged sale of compromised mail access and credential dumps across multiple countries
Category: Combo List
Content: Threat actors advertising sale of compromised email access, fullz (complete credit card information), database dumps, and account credentials across multiple countries including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. Vendors offering mail access configs, scripts, tools, combo lists, and fresh card fullz with pricing starting at $5-8 per item. Also advertising compromised accounts for retail platforms (Shopapp, Kohls, Macys, Target, Sam Club, eBay, Poshmark, Amazon, Walmart, Alibaba, Mercari) and webmail access.
Date: 2026-05-14T08:23:52Z
Network: telegram
Published URL: https://t.me/c/2613583520/81233
Screenshots:
None
Threat Actors: Dataxlogs
Victim Country: Unknown
Victim Industry: Retail, Financial Services, Email Providers
Victim Organization: Unknown
Victim Site: Unknown
Germany combo list (WEB.DE, GMX.DE) — 4 million credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 4 million credential pairs targeting German email services WEB.DE and GMX.DE. The credentials are advertised as free and shared via Telegram channels. No breach of a specific organization is claimed; the post appears to offer credential stuffing material.
Date: 2026-05-14T08:22:32Z
Network: openweb
Published URL: https://crackingx.com/threads/75219/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list with 1,437 hits
Category: Combo List
Content: A threat actor on a cracking forum is distributing a combo list advertised as 1,437 valid Hotmail credential hits. The post markets the credentials as premium and includes a download link, with contact via Telegram.
Date: 2026-05-14T08:22:12Z
Network: openweb
Published URL: https://crackingx.com/threads/75220/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Biendichvien by DimasHxR
Category: Defacement
Content: On May 14, 2026, threat actor DimasHxR defaced a page on biendichvien.com, a Vietnamese translation services website. The attack targeted a specific subpage (b.html) rather than the homepage, indicating a partial or targeted defacement. The attacker operated independently without affiliation to a known team.
Date: 2026-05-14T08:13:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922249
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Vietnam
Victim Industry: Translation/Language Services
Victim Organization: Biendichvien
Victim Site: biendichvien.com
Website Defacement of Billionaires Estate by DimasHxR
Category: Defacement
Content: On May 14, 2026, the website billionairesestate.com was defaced by a threat actor operating under the alias DimasHxR, acting independently without an affiliated team. The defacement targeted a specific page rather than the homepage and was not conducted as part of a mass defacement campaign. No specific motivation or technical details regarding the exploitation method were disclosed.
Date: 2026-05-14T08:11:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922247
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Real Estate / Luxury Lifestyle
Victim Organization: Billionaires Estate
Victim Site: billionairesestate.com
Website Defacement of Vieclamtaixe by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor identified as DimasHxR defaced a subpage of vieclamtaixe.com, a Vietnamese job portal likely focused on driver employment services. The attacker targeted a specific page (b.html) rather than the homepage, indicating a targeted page-level defacement. No group affiliation, stated motive, or technical details regarding the attack vector were disclosed.
Date: 2026-05-14T08:08:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922250
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Vietnam
Victim Industry: Employment and Recruitment
Victim Organization: Viec Lam Tai Xe
Victim Site: vieclamtaixe.com
Sale of mixed-country Yahoo.com combo list with 784,000 lines
Category: Combo List
Content: A threat actor is sharing a combo list of 784,000 email:password lines targeting Yahoo.com accounts, advertised as mixed-country and labeled for 2026. The post was made on a public cracking forum.
Date: 2026-05-14T08:05:42Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-784-000-Lines-%E2%9C%85-Mixed-Country-Yahoo-com-COmbolist-2026
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of email:password combo list targeting multiple country domains
Category: Combo List
Content: A threat actor is offering an email:password combo list containing credentials from multiple country domains including .be, .cz, .it, .jp, and .kr. The post advertises the list via Telegram. No record count or pricing details are specified.
Date: 2026-05-14T08:05:24Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-EmailPass-be-cz-it-jp-kr-domainstre1–2093610
Screenshots:
None
Threat Actors: Domainstore
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 1.6K USA email credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,600 US-based email account credentials. The post indicates the data is from a private collection labeled TRAX PRIVATE and was made available for free on the forum.
Date: 2026-05-14T08:05:06Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A81-6k-USA-MAIL-ACCESS-MIX%E2%9C%A8-13-05
Screenshots:
None
Threat Actors: SecureTrax
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Hotmail accounts (3,653 credentials)
Category: Combo List
Content: A threat actor shared a combo list of 3,653 Hotmail login credentials, marketed as UHQ (ultra-high quality). The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-14T08:04:55Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-3653x-hotmail-login-uhq
Screenshots:
None
Threat Actors: BuggracK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ valid mail access combo list
Category: Combo List
Content: A threat actor is offering 630 UHQ (ultra-high quality) valid mail access credentials on a cybercrime forum. The content is hidden behind a registration or login wall, limiting visibility into the specific mail providers or data fields involved.
Date: 2026-05-14T08:04:40Z
Network: openweb
Published URL: https://patched.to/Thread-630-uhq-valid-mail-access
Screenshots:
None
Threat Actors: randiman11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Rio Veículos by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor identified as DimasHxR defaced a page on the Brazilian automotive website Rio Veículos (www.rioveiculos.com/b.html). The attack was a targeted single-page defacement with no team affiliation reported. No specific motive or server details were disclosed.
Date: 2026-05-14T08:02:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922218
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Automotive / Vehicle Sales
Victim Organization: Rio Veículos
Victim Site: www.rioveiculos.com
Sale of Netflix account checker tool
Category: Combo List
Content: A threat actor is distributing a free Netflix account checker tool capable of 500 checks per minute with proxy support. The tool accepts multiple credential formats including email:password and combo list files. This tool is intended for credential stuffing attacks against Netflix accounts.
Date: 2026-05-14T08:01:20Z
Network: openweb
Published URL: https://altenens.is/threads/clapper-board-free-netflix-account-checker.2939467/unread
Screenshots:
None
Threat Actors: lionelme1011
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Skybloger by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor identified as DimasHxR defaced a page on the Iranian website skybloger.ir. The attack targeted a specific subpage (b.html) rather than the homepage, indicating a targeted single-page defacement. No team affiliation, motive, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-14T08:00:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922220
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Iran
Victim Industry: Blogging / Media
Victim Organization: Skybloger
Victim Site: skybloger.ir
Website Defacement of elnuya.com by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias DimasHxR defaced a page on elnuya.com (elnuya.com/b.html). The attacker acted independently without affiliation to a known group. The targeted server OS and software details were not identified at the time of reporting.
Date: 2026-05-14T07:58:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922219
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: elnuya.com
Website Defacement of mindby.my.id by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the handle DimasHxR defaced a page on the Indonesian domain mindby.my.id. The attack targeted a specific subpage (b.html) and was not classified as a mass or home defacement. No team affiliation, motive, or server details were disclosed in connection with this incident.
Date: 2026-05-14T07:52:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922214
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mindby.my.id
Website Defacement of ADR Promo by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor known as DimasHxR defaced a page on the Brazilian advertising and promotions website adrpromo.adv.br. The attack targeted a specific subpage (b.html) and was not classified as a mass or home defacement. No team affiliation or stated motive was associated with the incident.
Date: 2026-05-14T07:49:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922216
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Marketing and Advertising
Victim Organization: ADR Promo
Victim Site: www.adrpromo.adv.br
Alleged data leak of Indonesia Ministry of Home Affairs officials
Category: Data Leak
Content: A threat actor operating under the alias MrJupiter claims to have leaked personal data of officials from Indonesias Ministry of Home Affairs on a public forum. The actor states this is a partial release and threatens to expose additional data if corruption continues. No specific record count or data fields were disclosed in the post.
Date: 2026-05-14T07:44:36Z
Network: openweb
Published URL: https://breached.st/threads/free-database-of-ministry-of-home-affairs-official-numbers.87095/unread
Screenshots:
None
Threat Actors: MrJupiter
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Ministry of Home Affairs Indonesia
Victim Site: Unknown
Website Defacement of Butelka-na-wode.pl by DimasHxR
Category: Defacement
Content: On May 14, 2026, the Polish website butelka-na-wode.pl was defaced by a threat actor identified as DimasHxR acting independently without a team affiliation. The attack targeted a specific page (b.html) and was not classified as a mass or home page defacement, suggesting a targeted page-level intrusion. The incident was documented and mirrored by zone-xsec.com for threat intelligence purposes.
Date: 2026-05-14T07:43:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922199
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Poland
Victim Industry: Retail / Consumer Goods
Victim Organization: Butelka na Wode
Victim Site: butelka-na-wode.pl
Website Defacement of AnySharp by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor identified as DimasHxR defaced a page on anysharp.pl, a Polish commercial website. The attack targeted a specific subpage (b.html) rather than the homepage, indicating a targeted single-page defacement. No team affiliation, stated motive, or technical details regarding the exploitation method were disclosed.
Date: 2026-05-14T07:40:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922198
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Poland
Victim Industry: E-commerce / Retail
Victim Organization: AnySharp
Victim Site: anysharp.pl
Website Defacement of Potsetplantes by DimasHxR
Category: Defacement
Content: On May 14, 2026, threat actor DimasHxR defaced a subpage of potsetplantes.com, a website likely associated with a plant or gardening retail business. The defacement targeted a specific page (b.html) rather than the homepage, indicating a targeted page-level compromise. No team affiliation, stated motive, or technical details regarding the server infrastructure were identified.
Date: 2026-05-14T07:37:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922197
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Horticulture
Victim Organization: Potsetplantes
Victim Site: potsetplantes.com
Alleged combo list targeting Japan mail services
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,300 email and password pairs purportedly associated with Japanese mail services. The post was made available on a public cracking forum. No additional details are available as the post content is empty.
Date: 2026-05-14T07:33:37Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A81-3k-JAPAN-MAIL-ACCESS-MIX%E2%9C%A8-13-05
Screenshots:
None
Threat Actors: SecureTrax
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Netflix account checker tool shared on cracking forum
Category: Combo List
Content: A threat actor shared a free, proxyless Netflix account checker tool on a cracking forum. The tool supports HTTP/HTTPS/SOCKS4/SOCKS5 proxies, accepts email:pass and user:pass combo formats, and is advertised at 500 checks per minute. The tool is designed for credential stuffing attacks against Netflix accounts.
Date: 2026-05-14T07:31:53Z
Network: openweb
Published URL: https://nulledbb.com/thread-FREE-Proxyless-Netflix-Account-Checker
Screenshots:
None
Threat Actors: lionelme
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of alishafaghi.com by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the handle DimasHxR defaced a subpage (b.html) of alishafaghi.com. The attack was not classified as a mass or home page defacement, suggesting a targeted intrusion limited to a specific page. No team affiliation, stated motive, or technical indicators were disclosed in connection with this incident.
Date: 2026-05-14T07:31:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922195
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Alisha Faghi
Victim Site: alishafaghi.com
Combo list distribution targeting unspecified services
Category: Combo List
Content: A forum user shared a combo list of 831 credentials behind a hidden content gate on a leakforum. No additional details about the targeted service, data fields, or origin are visible from the post.
Date: 2026-05-14T07:31:16Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-831x-Verity-Vault-Secure-Drop-%E2%9A%A1
Screenshots:
None
Threat Actors: Verityyyy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Universal Account Checker Builder credential-stuffing tool
Category: Combo List
Content: A threat actor is distributing a credential-stuffing tool called Universal Account Checker Builder v8.13 on a cracking forum. The tool is marketed for managing and checking credentials across multiple accounts. Access to the download is restricted to registered forum members.
Date: 2026-05-14T07:31:12Z
Network: openweb
Published URL: https://leakforum.io/Thread-Cracked-Universal-Account-Checker-Builder-v8-13
Screenshots:
None
Threat Actors: LenozaX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of RSB Elétrica by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor identified as DimasHxR defaced a page on rsbeletrica.com.br, a Brazilian electrical services company. The attack targeted a non-homepage URL (b.html) and was carried out as a single, non-mass defacement. No specific motive or team affiliation was reported in connection with this incident.
Date: 2026-05-14T07:29:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922194
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Electrical Services / Energy
Victim Organization: RSB Elétrica
Victim Site: rsbeletrica.com.br
Website Defacement of Indochina Heritage Tourism by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor identified as DimasHxR defaced a subpage of indochinaheritagetourism.com, a travel and tourism website focused on Indochina heritage. The attack was a targeted single-page defacement, not classified as a mass or home page defacement. No team affiliation, specific motive, or technical details regarding the server environment were disclosed.
Date: 2026-05-14T07:22:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922193
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Travel and Tourism
Victim Organization: Indochina Heritage Tourism
Victim Site: indochinaheritagetourism.com
Website Defacement of ussbin.com by DimasHxR
Category: Defacement
Content: A threat actor identified as DimasHxR defaced a page on ussbin.com on May 14, 2026. The defacement targeted a specific page (b.html) rather than the homepage, and was not part of a mass defacement campaign. No team affiliation, motive, or server details were disclosed in connection with this incident.
Date: 2026-05-14T07:20:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922191
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ussbin.com
Alleged leak of Indonesian government officials contact information
Category: Data Leak
Content: A forwarded message claims a leak of phone numbers belonging to Indonesian government officials. The leak is attributed to threat actor CatNatXploit and references the BROTHEROOD CAPUNG (BCI) group. A Telegram channel link is provided as the source.
Date: 2026-05-14T07:09:28Z
Network: telegram
Published URL: https://t.me/brotheroodbci/113
Screenshots:
None
Threat Actors: CatNatXploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Government of Indonesia
Victim Site: Unknown
Combo List: HQ Mix credentials shared on cracking forum
Category: Combo List
Content: A user on a cracking forum shared a file advertised as an HQ mix combo list. The post contains a download link with no further details about the contents or targeted services.
Date: 2026-05-14T06:49:24Z
Network: openweb
Published URL: https://crackingx.com/threads/75218/
Screenshots:
None
Threat Actors: stevee36
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of POLRI (Indonesian National Police)
Category: Data Breach
Content: A forum post on a data breach forum references a database allegedly belonging to POLRI, the Indonesian National Police. No post content was available to confirm details regarding data types, record counts, or the nature of the breach.
Date: 2026-05-14T06:43:33Z
Network: openweb
Published URL: https://breached.st/threads/database-polri-indonesia.87094/unread
Screenshots:
None
Threat Actors: CatNatXploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: POLRI (Indonesian National Police)
Victim Site: polri.go.id
Distribution of Fresh Stealer Logs (890MB)
Category: Logs
Content: A forum user is distributing 890MB of stealer logs dated 13-05-2026, marketed as fresh. The post is a bump with no additional technical details provided.
Date: 2026-05-14T06:32:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%AD%90%EF%B8%8FLOGS-FRESH-890MB-FROM-13-05-2026%E2%AD%90%EF%B8%8F-%E2%98%81
Screenshots:
None
Threat Actors: black_cloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of fresh session cookies
Category: Logs
Content: A forum user known as black_cloudx distributed a collection of fresh session cookies on a cracking forum. The post is a bump with no additional context provided about the origin, volume, or targeted services of the cookies.
Date: 2026-05-14T06:31:44Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-Cookies-Fresh-Black-Cloudx-2026-05-13
Screenshots:
None
Threat Actors: black_cloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts distributed on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,200 Hotmail mail access credentials on a cybercrime forum. The content is hidden behind a registration or login requirement. The data is described as old and labeled Hotmail VIP Cloud.
Date: 2026-05-14T06:31:13Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8D%AA1-2k-hotmail-mail-access%F0%9F%8D%AA%E2%9C%A8-13-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:Log:Pass combo list with 8+ million lines (Part 338)
Category: Combo List
Content: A threat actor shared a free combo list containing over 8 million URL:log:pass credential pairs, distributed as part 338 of an ongoing series. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-14T06:30:55Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-338
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 14K credentials distributed on forum
Category: Combo List
Content: A threat actor shared a combo list advertised as containing 14,000 valid Hotmail credentials. The content is marketed as high-quality and fresh hits. The actual download is hidden behind a forum gate.
Date: 2026-05-14T06:30:12Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A114k-HQ-Hotmail-Access-VALID-HITS-Frash-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: hunterX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of mixed combo list with 12K valid credentials
Category: Combo List
Content: A threat actor shared a mixed combo list containing 12K valid email:password credentials via an external paste link. The list is available for free download on the forum.
Date: 2026-05-14T06:29:53Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-12K-VALID-MIXD
Screenshots:
None
Threat Actors: COYYT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of POLRI (Indonesian National Police)
Category: Data Leak
Content: Post claims leaked data from POLRI (Polisi Republik Indonesia – Indonesian National Police). References official site polri.go.id with hashtags #POLRIINDONESIA and #LEAKEDDATA. Includes Telegram link and photo attachment.
Date: 2026-05-14T06:29:31Z
Network: telegram
Published URL: https://t.me/c/3755871403/472
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Indonesia
Victim Industry: Government/Law Enforcement
Victim Organization: POLRI (Polisi Republik Indonesia)
Victim Site: polri.go.id
Sale of Hotmail combo list with 89 UHQ credentials
Category: Combo List
Content: A threat actor is offering a combo list of 89 ultra-high-quality (UHQ) Hotmail credentials. The list is available for free download via a Telegram channel or for purchase through a tiered subscription model ranging from $3 for 24 hours to $100 for three months.
Date: 2026-05-14T06:24:48Z
Network: openweb
Published URL: https://crackingx.com/threads/75216/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Neovendis by aexdy (Leviathan Perfect Hunter)
Category: Defacement
Content: On May 14, 2026, threat actor aexdy, operating under the group Leviathan Perfect Hunter, defaced the website of Neovendis by placing a defacement file at www.neovendis.com/hx.txt. The incident was a targeted, single-site defacement with no mass or repeated defacement indicators. The attackers motivation and server details remain unknown.
Date: 2026-05-14T06:18:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922189
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Neovendis
Victim Site: www.neovendis.com
Mix unique combo list with 38,000 credentials
Category: Logs
Content: A threat actor shared a mixed unique combo list containing approximately 38,000 credentials on a cybercrime forum. The list is offered as a free release with no specific target service identified.
Date: 2026-05-14T06:14:44Z
Network: openweb
Published URL: https://xforums.st/threads/mix-unique-combo_1_38000.613809/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of DeedParts by Threat Actor agumon
Category: Defacement
Content: On May 14, 2026, the website deedparts.com was defaced by a threat actor operating under the alias agumon with no affiliated team. The attack targeted a media/customer directory path and was a singular, non-mass defacement event. Technical details such as server software and IP address were not captured, leaving the attack vector and origin undetermined.
Date: 2026-05-14T06:12:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922164
Screenshots:
None
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: Automotive Parts / E-Commerce
Victim Organization: DeedParts
Victim Site: deedparts.com
Website Defacement of School Bells Uniforms by agumon
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias agumon defaced a subdirectory of schoolbellsuniforms.co.uk, a UK-based school uniforms retailer. The attack was a singular, targeted defacement with no team affiliation reported and no mass or home page compromise involved. Technical details such as server software and IP address were not disclosed in the available intelligence.
Date: 2026-05-14T06:11:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922178
Screenshots:
None
Threat Actors: agumon
Victim Country: United Kingdom
Victim Industry: Retail (School Uniforms)
Victim Organization: School Bells Uniforms
Victim Site: schoolbellsuniforms.co.uk
Website Defacement of Scottish Kilt Store by Threat Actor Agumon
Category: Defacement
Content: On May 14, 2026, threat actor agumon defaced a media directory of scottishkiltstore.co.uk, a UK-based online retail store specializing in Scottish kilts and related apparel. The attack was a targeted, non-mass defacement with no stated motive or team affiliation. A mirror of the defaced page was archived via zone-xsec.com.
Date: 2026-05-14T06:11:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922175
Screenshots:
None
Threat Actors: agumon
Victim Country: United Kingdom
Victim Industry: Retail / E-Commerce
Victim Organization: Scottish Kilt Store
Victim Site: scottishkiltstore.co.uk
Website Defacement of Attar Kunj by Threat Actor agumon
Category: Defacement
Content: On May 14, 2026, threat actor agumon defaced a subdirectory of attarkunj.com, targeting a page within the sites media/custom path. The attacker operated independently without a known team affiliation. The defacement was a targeted single-page attack, not a mass or home page defacement, with technical details such as server software and IP remaining unidentified.
Date: 2026-05-14T06:10:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922163
Screenshots:
None
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: Attar Kunj
Victim Site: attarkunj.com
Website Defacement of Crafty Arts by Threat Actor agumon
Category: Defacement
Content: On May 14, 2026, threat actor agumon defaced a page on craftyarts.co.uk, a UK-based arts and crafts retailer. The attack targeted a subdirectory of the site rather than the homepage, indicating a partial or targeted defacement. No team affiliation, motive, or technical details regarding the server environment were disclosed.
Date: 2026-05-14T06:09:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922165
Screenshots:
None
Threat Actors: agumon
Victim Country: United Kingdom
Victim Industry: Arts and Crafts / Retail
Victim Organization: Crafty Arts
Victim Site: craftyarts.co.uk
Website Defacement of KidsLuxury by Threat Actor agumon
Category: Defacement
Content: On May 14, 2026, threat actor agumon defaced a media directory path on kidsluxury.nl, a Netherlands-based childrens luxury retail website. The attack was a targeted single-site defacement with no team affiliation reported. No specific motive or server details were disclosed in the available incident data.
Date: 2026-05-14T06:08:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922169
Screenshots:
None
Threat Actors: agumon
Victim Country: Netherlands
Victim Industry: Retail / E-Commerce (Childrens Luxury Goods)
Victim Organization: Kids Luxury
Victim Site: kidsluxury.nl
Alleged sale of 527k cryptocurrency email database by xyph0rix
Category: Data Leak
Content: Threat actor xyph0rix is advertising a database containing approximately 527,000 worldwide cryptocurrency-related email addresses on Breachforums. Active thread includes Telegram channel link for interested buyers/downloaders.
Date: 2026-05-14T06:08:36Z
Network: telegram
Published URL: https://t.me/Xyph0rix/360
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: Unknown
Victim Industry: cryptocurrency
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of McElroy Fabrics by Threat Actor agumon
Category: Defacement
Content: On May 14, 2026, threat actor agumon defaced the website of McElroy Fabrics, a UK-based fabrics and textiles retailer. The attack targeted a subdirectory of the domain and was carried out as a single, targeted defacement rather than a mass or redefacement incident. No specific motive, team affiliation, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-14T06:08:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922171
Screenshots:
None
Threat Actors: agumon
Victim Country: United Kingdom
Victim Industry: Retail / Textiles
Victim Organization: McElroy Fabrics
Victim Site: mcelroyfabrics.co.uk
Website Defacement of Seeds24.de by Threat Actor Agumon
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias agumon defaced a subdirectory of seeds24.de, a German-based seeds or gardening retail website. The defacement targeted a specific media/customer address path rather than the homepage, suggesting a targeted directory compromise. No team affiliation, specific motive, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-14T06:07:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922174
Screenshots:
None
Threat Actors: agumon
Victim Country: Germany
Victim Industry: Retail / E-commerce
Victim Organization: Seeds24
Victim Site: seeds24.de
Website Defacement of Quality Nutrition by Threat Actor agumon
Category: Defacement
Content: On May 14, 2026, threat actor agumon defaced the Brazilian nutrition website qualitynutrition.com.br, targeting a subdirectory within the media path. The attack was conducted as a solo operation with no affiliated team, and was not classified as a mass or home page defacement. Technical details regarding the server environment and attack vector remain unknown.
Date: 2026-05-14T06:06:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922172
Screenshots:
None
Threat Actors: agumon
Victim Country: Brazil
Victim Industry: Health & Nutrition / Retail
Victim Organization: Quality Nutrition
Victim Site: qualitynutrition.com.br
Website Defacement of Irish Grass Machinery by Threat Actor agumon
Category: Defacement
Content: On May 14, 2026, threat actor agumon defaced the website of Irish Grass Machinery, an Irish agricultural machinery business. The attack targeted a subdirectory of the domain and was carried out as a single, non-mass defacement with no stated motive. No team affiliation was associated with the attacker.
Date: 2026-05-14T06:06:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922187
Screenshots:
None
Threat Actors: agumon
Victim Country: Ireland
Victim Industry: Agriculture / Machinery Retail
Victim Organization: Irish Grass Machinery
Victim Site: irishgrassmachinery.ie
Website Defacement of VMG Factory by Attacker agumon
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias agumon defaced a subdirectory of vmgfactory.com, targeting the sites public media/customer content path. The attacker acted independently without affiliation to a known group. The incident was a targeted, single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-05-14T06:05:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922188
Screenshots:
None
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: Manufacturing
Victim Organization: VMG Factory
Victim Site: vmgfactory.com
Website Defacement of Russell Athletic UK by Threat Actor agumon
Category: Defacement
Content: On May 14, 2026, threat actor agumon defaced a page on russellathletic.co.uk, the UK web presence of the sportswear brand Russell Athletic. The defacement targeted a specific sub-path within the sites media directory and was carried out as a standalone, non-mass defacement. No team affiliation, stated motive, or technical server details were disclosed in association with the incident.
Date: 2026-05-14T06:04:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922184
Screenshots:
None
Threat Actors: agumon
Victim Country: United Kingdom
Victim Industry: Retail / Sportswear
Victim Organization: Russell Athletic
Victim Site: russellathletic.co.uk
Website Defacement of Kavosmuge by Threat Actor Agumon
Category: Defacement
Content: On May 14, 2026, threat actor agumon defaced a subdirectory of the Lithuanian website kavosmuge.lt, targeting the media/customer path. The incident was a targeted single-site defacement with no team affiliation reported. Server and operating system details were not identified at the time of reporting.
Date: 2026-05-14T06:03:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922168
Screenshots:
None
Threat Actors: agumon
Victim Country: Lithuania
Victim Industry: Unknown
Victim Organization: Kavosmuge
Victim Site: kavosmuge.lt
Website Defacement of Scowi by Attacker agumon
Category: Defacement
Content: A threat actor operating under the alias agumon defaced a page on scowi.com, targeting the media directory of the website. The defacement was a single targeted incident, not part of a mass or home page defacement campaign. No team affiliation, motive, or server details were disclosed in association with this attack.
Date: 2026-05-14T06:03:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922181
Screenshots:
None
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Scowi
Victim Site: scowi.com
Website Defacement of Pacific Consultancy by Threat Actor agumon
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the handle agumon defaced a media subdirectory of pacific-consultancy.com. The attacker acted independently without affiliation to a known hacking team. Technical details such as the server OS, web IP, and exploitation method remain undisclosed.
Date: 2026-05-14T06:02:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922180
Screenshots:
None
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: Consulting/Professional Services
Victim Organization: Pacific Consultancy
Victim Site: pacific-consultancy.com
Website Defacement of Auto724 by Threat Actor Agumon
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias agumon defaced a page on auto724.dk, a Danish automotive website. The defacement targeted a specific media/customer address path rather than the homepage, indicating a targeted sub-page attack. The attacker appears to be operating independently without affiliation to a known group.
Date: 2026-05-14T06:01:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922161
Screenshots:
None
Threat Actors: agumon
Victim Country: Denmark
Victim Industry: Automotive
Victim Organization: Auto724
Victim Site: auto724.dk
Website Defacement of Dimples LB by Threat Actor Agumon
Category: Defacement
Content: On May 14, 2026, threat actor agumon defaced a media/customer directory page on dimpleslb.com, a likely Lebanese retail or consumer goods website. The attack was a targeted single-site defacement with no team affiliation reported. Technical details including server software and attack vector remain unknown, though the incident was archived via zone-xsec.com.
Date: 2026-05-14T06:00:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922166
Screenshots:
None
Threat Actors: agumon
Victim Country: Lebanon
Victim Industry: Retail / Consumer Goods
Victim Organization: Dimples LB
Victim Site: dimpleslb.com
Website Defacement of Greenloops by Threat Actor agumon
Category: Defacement
Content: On May 14, 2026, threat actor agumon defaced a media directory page on the Indian website greenloops.in. The attack targeted a specific sub-path rather than the homepage, suggesting a targeted intrusion into a specific section of the web server. The defacement was carried out without affiliation to a known hacking team, and technical details regarding the server infrastructure remain unknown.
Date: 2026-05-14T05:59:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922167
Screenshots:
None
Threat Actors: agumon
Victim Country: India
Victim Industry: Unknown
Victim Organization: Greenloops
Victim Site: greenloops.in
Website Defacement of Uniformes Medexpress by Threat Actor agumon
Category: Defacement
Content: A threat actor operating under the handle agumon defaced a subdirectory of uniformesmedexpress.pe, a Peruvian medical uniform retailer, on May 14, 2026. The defacement targeted a specific media path rather than the homepage, indicating a partial or targeted intrusion. No team affiliation, stated motive, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-14T05:59:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922186
Screenshots:
None
Threat Actors: agumon
Victim Country: Peru
Victim Industry: Retail / Healthcare Uniforms
Victim Organization: Uniformes Medexpress
Victim Site: uniformesmedexpress.pe
Website Defacement of Skladykaskada by Threat Actor agumon
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias agumon defaced a subdirectory of the Polish website skladykaskada.pl, targeting a media/custom path rather than the homepage. The attack appears to be a standalone, non-mass defacement with no team affiliation or stated motive recorded. The incident was documented and mirrored by zone-xsec.com.
Date: 2026-05-14T05:58:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922182
Screenshots:
None
Threat Actors: agumon
Victim Country: Poland
Victim Industry: Retail / E-commerce
Victim Organization: Sklady Kaskada
Victim Site: skladykaskada.pl
Sale of Shopping and Education sector combo list with 130K credentials
Category: Combo List
Content: A combo list containing 130,027 email:password lines is being distributed on a cracking forum. The list is marketed as high-quality (HQ) and targets shopping and education sector accounts. No specific breached organization is identified.
Date: 2026-05-14T05:57:53Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-130-027-Lines-%E2%9C%85-Shopping-Target-HQ-Edu-education-Combolist
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of teol-ba.website by Attacker agumon
Category: Defacement
Content: On May 14, 2026, an attacker operating under the alias agumon defaced a page hosted on teol-ba.website, targeting a media or customer-related subdirectory. The incident was a single targeted defacement with no team affiliation, mass defacement activity, or redefacement indicators. Technical details such as server software, IP address, and attack methodology were not disclosed.
Date: 2026-05-14T05:57:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922177
Screenshots:
None
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: teol-ba.website
Mixed email:password combo list freely distributed on cracking forum
Category: Combo List
Content: A threat actor on Cracked.st shared a mixed email:password combo list containing approximately 150,000 credential pairs at no charge. The list is described as high quality and is available to registered forum members.
Date: 2026-05-14T05:57:34Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90%EF%B8%8F-150K-%E2%AD%90%EF%B8%8F-MIXED-HIGH-QUALITY-COMBOLIST-%E2%AD%90%EF%B8%8F-EMAIL-PASS-%E2%AD%90%EF%B8%8F–2093584
Screenshots:
None
Threat Actors: Bears
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed domain combo list targeting shopping services
Category: Combo List
Content: A combo list of approximately 1.67 million email:password credentials is being shared on a cracking forum, marketed as a mixed-domain list targeting shopping services. No additional details are available from the post content.
Date: 2026-05-14T05:57:06Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-675-798-Mixed-Domain-Shopping-target
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Paving Stones UK by Threat Actor Agumon
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias agumon defaced a media/customer-facing page on pavingstones.uk, a UK-based paving and construction materials retailer. The attack was an individual, non-mass defacement targeting a subdirectory of the website. No team affiliation, specific motive, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-14T05:56:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922179
Screenshots:
None
Threat Actors: agumon
Victim Country: United Kingdom
Victim Industry: Retail / Construction Materials
Victim Organization: Paving Stones UK
Victim Site: pavingstones.uk
Sale of mixed corporate and educational email credential combo list
Category: Combo List
Content: A threat actor is distributing a combo list of 20,833 mixed corporate and educational email:password pairs, marketed as fully valid. The list appears to target organizational and educational email accounts for potential credential stuffing.
Date: 2026-05-14T05:52:13Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%AD%90%E2%AD%90%E2%AD%9020833-MIX-CORP-EDU-MAIL-PASS-FULL-VALID-100-%E2%AD%90%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: DexterCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of shell access to Indonesian government subdomains
Category: Initial Access
Content: Threat actor offering compromised shell access to multiple subdomains of an Indonesian government domain (*.ac.id). Pricing: 200k for single domain, 450k for all subdomains. Contact via Telegram @m4ul1337.
Date: 2026-05-14T05:28:19Z
Network: telegram
Published URL: https://t.me/Maulnism1337/1736
Screenshots:
None
Threat Actors: m4ul1337
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: *.ac.id
Free mixed mail combo list (unchecked)
Category: Combo List
Content: A threat actor shared a mixed mail combo list on a cracking forum at no charge. The credentials are unchecked and unverified. No specific victim organization or country is identified.
Date: 2026-05-14T05:25:16Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-MIXED-MAIL-COMBOS-UNCHECKED
Screenshots:
None
Threat Actors: ASTROALIEN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale or distribution of 12K Hotmail credential hits
Category: Combo List
Content: A forum post on a combolist section advertises 12,000 high-quality Hotmail credential hits. The content is hidden behind a registration or login wall, limiting visibility into specific details.
Date: 2026-05-14T05:24:35Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-12k-hq-hotmail-hit-%E2%9C%85-302158
Screenshots:
None
Threat Actors: RetroCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Wonjin Surgery hospital exposing patient medical records
Category: Data Breach
Content: A threat actor is selling alleged patient data from Wonjin Surgery hospital in South Korea, covering the period from 2020 to March 2026. The dataset reportedly includes personal privacy information, surgery videos and images, and records of notable celebrities. The seller is offering individual records at $0.10 each and claims evidence is available on an external file-sharing site.
Date: 2026-05-14T05:23:22Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-South-Korea-Wonjin-Surgery-patients-privacy-2020-2026-3-100K-records
Screenshots:
None
Threat Actors: wilson008
Victim Country: South Korea
Victim Industry: Healthcare
Victim Organization: Wonjin Surgery
Victim Site: k-wonjin.co.kr
Sale of multiple Turkish casino platform databases
Category: Data Breach
Content: A threat actor operating under the alias LockBitData is selling databases allegedly obtained from over 80 Turkish online casino and sports betting platforms, including Grandbetting, Holiganbet, Grandpashabet, Onwin, and others. The seller is directing prospective buyers to a Telegram channel for transaction details. Sample data is offered behind a registration wall on the forum.
Date: 2026-05-14T05:16:57Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-%E2%AD%90Turkiye-Casino-Databases-T%C3%9CRK%C4%B0YE-%E2%AD%90
Screenshots:
None
Threat Actors: LockBitData
Victim Country: Turkey
Victim Industry: Gambling
Victim Organization: Multiple Turkish Casino Platforms
Victim Site: Unknown
Sale of alleged data breach of Egyptian university payment gateway (mutreasury) with admin credentials, API keys, and zero-day exploit
Category: Data Breach
Content: A threat actor is selling a database dump from mutreasury, a centralized payment gateway serving 28+ Egyptian universities. The stolen data allegedly includes admin credentials, live API tokens, ERP integration configs, financial routing credentials, and student payment transaction records containing PII. The actor also claims to be selling an associated zero-day unauthenticated access vulnerability enabling persistent access to the remaining connected university targets.
Date: 2026-05-14T05:15:20Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-EGY-mutreasury-Payment-Gateway-28-Egyptian-Universities-Admin-Credential
Screenshots:
None
Threat Actors: INT3X
Victim Country: Egypt
Victim Industry: Education
Victim Organization: mutreasury
Victim Site: mutreasury.eg
Sale of C++ info-stealer source code with Chromium decryption and crypto wallet grabber
Category: Malware
Content: A threat actor is selling the full C++ source code for an information stealer targeting Chromium-based browsers, saved credentials, cookies, crypto wallets, and system information. The stealer exfiltrates data via Discord webhooks and is reported to score 2/72 on VirusTotal. The seller states the code compiles on MSVC and MinGW and is open to negotiated pricing.
Date: 2026-05-14T05:08:36Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Stealer-C-Source-2-72-VT-Chromium-Decrypt-Wallet-Grabber
Screenshots:
None
Threat Actors: 0rsted_
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of counterfeit currency with machine-bypass capability
Category: Cyber Attack
Content: User yongxiao is promoting counterfeit banknotes (精品假钞) advertised as capable of passing currency verification machines. Sharing Telegram link for distribution/sales.
Date: 2026-05-14T05:00:24Z
Network: telegram
Published URL: https://t.me/c/2613583520/81134
Screenshots:
None
Threat Actors: yongxiao
Victim Country: Unknown
Victim Industry: Financial
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 527K worldwide cryptocurrency email database
Category: Data Leak
Content: A threat actor is freely distributing a compilation of approximately 527,000 email records purportedly sourced from multiple cryptocurrency-related databases worldwide. The post does not specify the origin organizations or the methods used to obtain the data.
Date: 2026-05-14T04:59:04Z
Network: openweb
Published URL: https://breached.st/threads/527k-worldwide-cypto-email-database.87093/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of efcformation.com
Category: Data Leak
Content: A threat actor leaked an alleged database from efcformation.com, a French vocational training organization, containing approximately 49,000 records totaling 1.3 GB. The data includes structured enrollment records with student names, course information, and associated PDF documents. The actor indicated a forthcoming release of a larger 41 GB set of user-related documents.
Date: 2026-05-14T04:53:26Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FR-49K-Efcformation-com-1-3-GB
Screenshots:
None
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Education
Victim Organization: EFC Formation
Victim Site: efcformation.com
Alleged data leak of 5 million French personal records and Iranian email credentials
Category: Data Leak
Content: A threat actor announcing their retirement from cybercrime activity freely distributed two files: one containing 4 compromised Iranian email accounts and another allegedly containing 5 million French personal records. The files were made available via anonymous file-sharing links with no price attached.
Date: 2026-05-14T04:52:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-last-post
Screenshots:
None
Threat Actors: NearLeVrai
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Efcformation.com
Category: Data Breach
Content: A threat actor is selling 41 GB of data allegedly exfiltrated from efcformation.com, comprising approximately 60,683 PDF files. The dataset purportedly includes student documents, teacher documents, bank documents, certificates, and invoices.
Date: 2026-05-14T04:52:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-FR-41-GB-of-Efcformation-com
Screenshots:
None
Threat Actors: ChimeraZ
Victim Country: Unknown
Victim Industry: Education
Victim Organization: EFC Formation
Victim Site: efcformation.com
Alleged cyber attack and extortion campaign against Ellucian PowerCampus by ShadowByt3S
Category: Cyber Attack
Content: Threat actor group ShadowByt3S claims to have breached Ellucian PowerCampus and is extorting the company with 2.29 GB of data affecting multiple educational institutions. The group has issued a one-week ultimatum to make contact or they will leak data to affected schools via a dark web leak site. ShadowByt3S also advertises an Extortion as a Service affiliate program for other threat actors.
Date: 2026-05-14T04:51:35Z
Network: openweb
Published URL: https://darkforums.su/Thread-We-are-Back-ShadowByt3-2-0-Ellucian-powercampus-has-1-week-to-contact-us
Screenshots:
None
Threat Actors: ShadowByt3S
Victim Country: United States
Victim Industry: Technology
Victim Organization: Ellucian PowerCampus
Victim Site: ellucian.com
Alleged leak of 5 million French database records
Category: Data Breach
Content: Threat actor xyph0rix posted on Breachforums claiming a database containing 5 million French records. The post includes links to the user profile and the specific thread discussing the breach.
Date: 2026-05-14T04:46:39Z
Network: telegram
Published URL: https://t.me/Xyph0rix/359
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor shared a combo list of 1,497 credentials marketed as valid Hotmail accounts. The content is hidden behind a login/registration wall on the forum. No breach of Microsoft or Hotmail infrastructure is implied; these are likely credential-stuffed or aggregated hits.
Date: 2026-05-14T04:44:44Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9A%A11497x-good-hotmail%E2%9A%A1%E2%9C%85
Screenshots:
None
Threat Actors: NovaCloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of URL:Log:Pass combo list with 25.83 million records via Daxus.pro
Category: Logs
Content: A threat actor operating under the Daxus.pro brand is offering a URL:LOG:PASS dataset containing approximately 25.83 million records, marketed as UHQ (ultra-high quality). The dataset is distributed via their website and Telegram channel, with bot-based access available.
Date: 2026-05-14T04:41:35Z
Network: openweb
Published URL: https://xforums.st/threads/url-log-pass-25-83-m-daxus-pro-uhq.613808/
Screenshots:
None
Threat Actors: DaxusULP
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Cyprus Airways
Category: Data Breach
Content: Threat actor xyph0rix posted on Breachforums claiming a database breach of cyprusairways.com. The breach details and affected data volume are referenced in the Breachforums thread.
Date: 2026-05-14T04:36:05Z
Network: telegram
Published URL: https://t.me/Xyph0rix/358
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: Cyprus
Victim Industry: Aviation
Victim Organization: Cyprus Airways
Victim Site: cyprusairways.com
Alleged data leak of Cyprus Airways
Category: Data Leak
Content: A threat actor on a cybercrime forum has made available an alleged database dump attributed to Cyprus Airways (cyprusairways.com). The post includes a download link but provides no additional details regarding the number of records or data fields contained in the dump.
Date: 2026-05-14T04:25:13Z
Network: openweb
Published URL: https://breached.st/threads/database-cyprusairways-com.87091/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Cyprus
Victim Industry: Transportation
Victim Organization: Cyprus Airways
Victim Site: cyprusairways.com
Alleged data breach of Qualita Indonesia HRIS database
Category: Data Breach
Content: A user on Breachforums has shared a database breach allegedly from qualita-indonesia.net (HRIS system). The breach was posted by user xyph0rix on the Breachforums platform.
Date: 2026-05-14T04:17:29Z
Network: telegram
Published URL: https://t.me/Xyph0rix/357
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: Indonesia
Victim Industry: Human Resources/HRIS
Victim Organization: Qualita Indonesia
Victim Site: qualita-indonesia.net
Sale of Hotmail credential combo list with inbox targets and country sort
Category: Combo List
Content: A threat actor is distributing a combo list of 1,637 claimed high-quality Hotmail credential hits. The post includes downloads sorted by country and keyword-targeted inbox filters, marketed for credential stuffing use.
Date: 2026-05-14T04:12:12Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84-1637x-HQ-HOTMAIL-HITS-%E2%9D%84-INBOXES-TARGETS-SORTED-COUNTRIES
Screenshots:
None
Threat Actors: He_Cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Brazilian Accounting Firm Contabilidade Contex by 3XPLOIT.ID
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias Anonym and affiliated with the group 3XPLOIT.ID defaced the website of Contabilidade Contex, a Brazilian accounting firm. The attack targeted a Linux-based web server and was recorded as a single-site, non-mass defacement. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-14T04:10:37Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249223
Screenshots:
None
Threat Actors: Anonym, 3XPLOIT.ID
Victim Country: Brazil
Victim Industry: Financial Services / Accounting
Victim Organization: Contabilidade Contex
Victim Site: contabilidadecontex.com.br
Mass Defacement of Brazilian Accounting Firm by 3XPLOIT.ID
Category: Defacement
Content: On May 14, 2026, a threat actor identified as Anonym operating under the group 3XPLOIT.ID conducted a mass defacement campaign targeting the mail server of Contabilidade Contex, a Brazilian accounting firm. The defacement was hosted on a Linux-based server and archived at haxor.id. This incident is part of a broader mass defacement operation attributed to the 3XPLOIT.ID group.
Date: 2026-05-14T04:08:45Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249224
Screenshots:
None
Threat Actors: Anonym, 3XPLOIT.ID
Victim Country: Brazil
Victim Industry: Financial Services / Accounting
Victim Organization: Contabilidade Contex
Victim Site: mail.contabilidadecontex.com.br
Alleged data breach of Cyprus Airways
Category: Data Breach
Content: A user named xyph0rix has posted a thread on Breachforums claiming a database breach of cyprusairways.com. The breach details are shared via a Breachforums thread.
Date: 2026-05-14T04:06:31Z
Network: telegram
Published URL: https://t.me/Xyph0rix/356
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: Cyprus
Victim Industry: Aviation
Victim Organization: Cyprus Airways
Victim Site: cyprusairways.com
SMS verification service promotion for OTP bypass and account registrations
Category: Services
Content: A forum member is promoting a virtual SMS number service (sms-man.com) for OTP verifications and account registrations on platforms such as Telegram, Discord, and Gmail. The service offers numbers across multiple countries and is advertised as stable and fast. The post includes a referral link and a Telegram contact for the seller.
Date: 2026-05-14T04:05:29Z
Network: openweb
Published URL: https://crackingx.com/threads/75207/
Screenshots:
None
Threat Actors: taibmad
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list with 1,764 hits
Category: Combo List
Content: A threat actor shared a combo list advertised as 1,764 premium Hotmail hits on a cracking forum. The post contains a download link with no additional details provided.
Date: 2026-05-14T03:55:37Z
Network: openweb
Published URL: https://crackingx.com/threads/75209/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ Hotmail Europa Combo List (7 Million Records)
Category: Combo List
Content: A threat actor is offering a combo list of approximately 7 million Hotmail credentials targeting European accounts. The list is advertised as high quality and distributed via Telegram channels. Access requires contacting the seller directly or joining their Telegram groups.
Date: 2026-05-14T03:55:18Z
Network: openweb
Published URL: https://crackingx.com/threads/75211/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Qualita Indonesia HRIS database
Category: Data Leak
Content: A threat actor shared what is claimed to be a database dump from hris.qualita-indonesia.net, the HRIS portal of Qualita Indonesia. The post provides a download link with no further details on record count or data types included.
Date: 2026-05-14T03:52:29Z
Network: openweb
Published URL: https://breached.st/threads/database-hris-qualita-indonesia-net.87088/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Qualita Indonesia
Victim Site: hris.qualita-indonesia.net
Alleged data breach of Qualita Indonesia HRIS database
Category: Data Breach
Content: A user on Breachforums has shared a database breach allegedly from qualita-indonesia.net HRIS (Human Resources Information System). The breach was posted by user xyph0rix on the Breachforums platform.
Date: 2026-05-14T03:51:54Z
Network: telegram
Published URL: https://t.me/Xyph0rix/355
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: Indonesia
Victim Industry: Human Resources/HRIS
Victim Organization: Qualita Indonesia
Victim Site: qualita-indonesia.net
Alleged data leak of SMPN 3 Batang teacher database
Category: Data Leak
Content: A threat actor has leaked what appears to be a database of teachers from SMPN 3 Batang, a public middle school in Indonesia. The data includes employee IDs, full names, academic credentials, subjects taught, and assigned roles or homeroom classes. The data was shared freely on a public forum.
Date: 2026-05-14T03:51:45Z
Network: openweb
Published URL: https://breached.st/threads/database-guru-smpn-3-batang.87086/unread
Screenshots:
None
Threat Actors: Mr.ZeroPhx100
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMPN 3 Batang
Victim Site: Unknown
Alleged data breach of Nexo
Category: Data Breach
Content: A threat actor is sharing what is claimed to be a database from Nexo, a cryptocurrency platform, containing approximately 1.7 million records. The post includes a download link but provides no further details about the data fields or the method of compromise.
Date: 2026-05-14T03:51:15Z
Network: openweb
Published URL: https://breached.st/threads/database-nexo-com-crypto-1-7m.87087/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Nexo
Victim Site: nexo.com
Alleged data leak of Chinese ID cards, credit cards, and business information
Category: Data Leak
Content: A threat actor leaked a 6.4GB archive claimed to contain Chinese ID cards, credit card data, contracts, and business information. The data is shared freely on a dark web forum, gated behind a reply requirement. No specific source organization or breach details are provided.
Date: 2026-05-14T03:46:04Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-CHINA-ID-Cards-Credit-Cards-Business-Information-6-4GB-Part-3
Screenshots:
None
Threat Actors: ALTGIANT
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Nexo cryptocurrency platform – 1.7M records
Category: Data Breach
Content: A threat actor with handle xyph0rix posted on Breachforums claiming a database breach of nexo.com (Nexo cryptocurrency platform) containing approximately 1.7 million records. The breach details were shared via Breachforums thread.
Date: 2026-05-14T03:44:27Z
Network: telegram
Published URL: https://t.me/Xyph0rix/354
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: Unknown
Victim Industry: Cryptocurrency/Finance
Victim Organization: Nexo
Victim Site: nexo.com
Alleged defacement of Indonesian government websites by Mr.PIMZZZXploit
Category: Defacement
Content: Multiple websites belonging to Sukabumi Regency government in Indonesia have been defaced by threat actor Mr.PIMZZZXploit. Affected domains include bakesbangpol.sukabumikab.go.id, kec-cimanggu.sukabumikab.go.id, disdagin.sukabumikab.go.id, and kec-purabaya.sukabumikab.go.id. Defacement proof and mirror link shared on Babayo Eror System channel.
Date: 2026-05-14T03:42:27Z
Network: telegram
Published URL: https://t.me/c/3865526389/931
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Sukabumi Regency Government
Victim Site: sukabumikab.go.id
Combo list of 841,232 lines targeting social and shopping platforms
Category: Combo List
Content: A combo list of 841,232 email:password lines has been shared on a cracking forum, marketed as suitable for credential stuffing against social media and shopping platforms. The content is described as sourced from leaks dated 2026. No further details are available from the post content.
Date: 2026-05-14T03:39:39Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-841-232-Lines-%E2%9C%85-Goods-For-Social-and-Shopping-Target-LEaks-2026
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free South Korea email combo list (Batch 40/100)
Category: Combo List
Content: A threat actor is freely distributing a South Korea email combo list as part of an ongoing batch series (Batch 40 of 100). The content is hidden behind registration or login, suggesting it is shared within a closed forum community.
Date: 2026-05-14T03:39:15Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-40-100
Screenshots:
None
Threat Actors: emaildbpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Wonjin Surgery patient records including surgery videos and images
Category: Data Leak
Content: A threat actor claims to possess personal and medical data of patients who underwent surgery at Wonjin Surgery Hospital between 2020 and March 2026, encompassing approximately 100,000 records. The dataset allegedly includes surgery videos and images, as well as data pertaining to celebrities. The data is being made available via hidden content links requiring forum registration, with a Telegram contact provided.
Date: 2026-05-14T03:30:52Z
Network: openweb
Published URL: https://breachforums.rs/Thread-COLLECTION-South-Korea-Wonjin-Surgery-patients-privacy-2020-2026-3-100K-records
Screenshots:
None
Threat Actors: wilson008
Victim Country: South Korea
Victim Industry: Healthcare
Victim Organization: Wonjin Surgery Hospital
Victim Site: Unknown
Alleged data leak of multiple Chinese retail and construction companies by SnowSoul
Category: Data Leak
Content: A threat actor group identifying as SnowSoul claims to have exfiltrated and leaked data from multiple Chinese companies, including database backups (BAK files totaling several gigabytes), sales records, business documents, and construction drawings associated with retail brands including Amass and Gedi across Xinjiang and other regions. The post references a failed ransom demand of $2,000 USD as motivation for the leak. Files are made available via external file-sharing links.
Date: 2026-05-14T03:20:35Z
Network: openweb
Published URL: https://breached.st/threads/chinese-data-zhong-guo-shu-ju-snowsoul-id-1315.87085/unread
Screenshots:
None
Threat Actors: 元帅*
Victim Country: China
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of jdih.kpu.go.id
Category: Data Breach
Content: A threat actor posted what appears to be a database sample from jdih.kpu.go.id, the legal documentation portal of Indonesias General Elections Commission (KPU). The post includes a code sample but no further details on record count or data fields are provided.
Date: 2026-05-14T03:19:55Z
Network: openweb
Published URL: https://breached.st/threads/database-jdih-kpu-go-id.87084/unread
Screenshots:
None
Threat Actors: Mr. Hanz Xploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Komisi Pemilihan Umum (KPU)
Victim Site: jdih.kpu.go.id
Alleged data breach of JDIH KPU (Indonesian Electoral Commission database)
Category: Data Breach
Content: A user mr-hanz-xploit has posted on Breachforums regarding a database breach of JDIH KPU (Jaringan Dokumentasi dan Informasi Hukum – Komisi Pemilihan Umum), Indonesias Electoral Commission legal documentation and information network. The breach details are shared via Breachforums thread.
Date: 2026-05-14T03:15:51Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/148
Screenshots:
None
Threat Actors: mr-hanz-xploit
Victim Country: Indonesia
Victim Industry: Government – Electoral Commission
Victim Organization: JDIH KPU
Victim Site: jdih.kpu.go.id
Sale of email:password combo list targeting Taiwan
Category: Combo List
Content: A threat actor is offering a 148K email:password combo list described as high quality and private, marketed toward Taiwan-based accounts. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-14T03:08:04Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-148k-taiwan-%E2%9A%AA-high-quality-private-combolist-1-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of gaming-targeted combo list containing Hotmail, Yahoo, and Orange credentials
Category: Combo List
Content: A combo list containing approximately 171,967 email and password pairs from Hotmail.fr, Yahoo, and Orange accounts has been shared on a cracking forum. The list is marketed as targeting gaming services for credential stuffing. No specific victim organization is identified.
Date: 2026-05-14T03:08:00Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-171-967-hotmail-fr-yahoo-orange-Gaming-Target-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of email:password combo list targeting Switzerland
Category: Combo List
Content: A threat actor is offering a 185K email:password combo list purportedly composed of Swiss accounts, marketed as high quality and private. The content is paywalled behind forum registration or login. No specific breached organization is identified.
Date: 2026-05-14T03:07:44Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-185k-switzerland-%E2%9A%AA-high-quality-private-combolist-1-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged combo list of 164.9K US email:password credentials
Category: Combo List
Content: A combo list purportedly containing 164.9K US-based email and password pairs was shared on a cracking forum. No additional details about the source or targeted services are available from the post content.
Date: 2026-05-14T03:07:40Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-164-9k-USA
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 164.9K US credentials distributed on forum
Category: Combo List
Content: A combo list containing approximately 164,900 US credentials was shared on a forum by the user D4rkNetHub. The content is hidden behind a registration/login wall. No specific breached organization is identified.
Date: 2026-05-14T03:07:12Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-164-9k-usa-d4rknethub-cloud
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Absensis MKRDU by Ushiromiya
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the handle Ushiromiya defaced the homepage of www.absensismkrdu.com. The attack was classified as a homepage defacement and was not part of a mass defacement campaign. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-05-14T02:56:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922155
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Absensis MKRDU
Victim Site: www.absensismkrdu.com
Hotmail combo list of 12.1K valid credentials
Category: Combo List
Content: A threat actor shared a combo list of 12,100 alleged valid Hotmail credentials via a Mediafire link. The post markets the list as private and UHQ (ultra-high quality), with a stated date of April 14, 2026.
Date: 2026-05-14T02:51:32Z
Network: openweb
Published URL: https://crackingx.com/threads/75202/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 3 million combo list targeting streaming services
Category: Combo List
Content: A threat actor is offering a combo list of 3 million credential pairs purportedly targeting streaming services. The list is advertised via Telegram channels where the actor also distributes free combos and tools.
Date: 2026-05-14T02:51:12Z
Network: openweb
Published URL: https://crackingx.com/threads/75203/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Ministerio de Salud de Argentina
Category: Data Breach
Content: A threat actor claims to be selling the full database of Argentinas Ministry of Health, comprising approximately 52 million lines and 700GB of data, for $4,500 USD. The dataset allegedly contains highly sensitive patient medical records including full names, national identity numbers (DNI/CUIL), dates of birth, contact details, psychiatric diagnoses with DSM-IV codes, clinical evolution notes, medication schemes, and attending physician information. A sample file with records for 1,466 patients
Date: 2026-05-14T02:48:38Z
Network: openweb
Published URL: https://breached.st/threads/ministerio-de-salud-argentina-52m-lines-700gb-leak.87082/unread
Screenshots:
None
Threat Actors: cantpwn
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Ministerio de Salud de Argentina
Victim Site: salud.gob.ar
Website Defacement of MTS Al-Ghozaly by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 14, 2026, the student admission portal of MTS Al-Ghozaly, an Indonesian Islamic school, was defaced by threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM. The attack targeted a subdomain of the schools website running on a Linux server, replacing its content with the attackers message. The incident was archived on haxor.id and does not appear to be part of a mass or coordinated campaign.
Date: 2026-05-14T02:44:31Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249222
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTS Al-Ghozaly
Victim Site: spmb.mtsalghozaly.sch.id
Combo list of 36,510 mixed credentials shared on leak forum
Category: Combo List
Content: A threat actor shared a combo list containing 36,510 mixed credentials on a leak forum. The content is hidden behind registration or login, accessible only to forum members. No specific breach source or targeted service is identified.
Date: 2026-05-14T02:35:21Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-36-510-Good-MIXED-GOODS-D4RKNETHUB-CLOUD
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed combo list with 36,510 credential pairs
Category: Combo List
Content: A threat actor operating under the alias D4rkNetHub is offering a mixed combo list containing 36,510 email:password pairs via a paid cloud service. Subscription tiers range from $10 for a 3-day trial to $50 for 30-day access. The content is distributed through the actors shop and Telegram channel.
Date: 2026-05-14T02:35:03Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-36-510-Good-MIXED-GOODS-D4RKNETHUB-CLOUD
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards and carding guides including Non-VBV, Apple Pay, Google Pay, PayPal, and Cash App linkables
Category: Carding
Content: A threat actor operating via Telegram (@ALIVE_HUSTLE) is selling stolen payment cards including Non-VBV, eBay, Apple Pay, and Google Pay cards, as well as PayPal and Cash App linkable cards. The seller also offers a full swipe guide targeting individuals new to carding, and advertises a refund or replacement policy for non-working cards.
Date: 2026-05-14T02:33:16Z
Network: openweb
Published URL: https://altenens.is/threads/o-non-vbv-auto-add-o-ebay-cc-o-apple-pay-cc-o-google-pay-cc-o-paypal-linkables-o-cash-app-linkables-o-cc-full-swipe-guide-telegram-alive_hustle.2939383/unread
Screenshots:
None
Threat Actors: M0zet2
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Hi Tattoo Equipment by DimasHxR
Category: Defacement
Content: On May 14, 2026, threat actor DimasHxR defaced a subdirectory of hitattooequipment.com, a retailer specializing in tattoo equipment and supplies. The defacement was a targeted, non-mass incident affecting a specific media path rather than the sites homepage. No team affiliation, stated motive, or technical indicators were disclosed in the reported data.
Date: 2026-05-14T02:32:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922126
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Tattoo Equipment & Supplies
Victim Organization: Hi Tattoo Equipment
Victim Site: hitattooequipment.com
Website Defacement of Ledool by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor identified as DimasHxR defaced a page on www.ledool.com, targeting a subdirectory within the sites media/customer content path. The defacement was a single targeted incident, not part of a mass or home page defacement campaign. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-14T02:31:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922153
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-commerce / Retail
Victim Organization: Ledool
Victim Site: www.ledool.com
Website Defacement of Transpalet by DimasHxR
Category: Defacement
Content: On May 14, 2026, the attacker known as DimasHxR defaced a subdirectory of transpalet.com.br, a Brazilian logistics or material handling company. The defacement targeted a specific media path rather than the homepage, suggesting exploitation of a publicly accessible directory within the web application. No team affiliation, stated motive, or technical details regarding the server environment were provided.
Date: 2026-05-14T02:30:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922150
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Logistics / Material Handling
Victim Organization: Transpalet
Victim Site: transpalet.com.br
Website Defacement of rttuotetieto.fi by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor identified as DimasHxR defaced a subdirectory of rttuotetieto.fi, a Finnish product information services website. The attack targeted a media/customer path and was carried out as an individual, non-mass defacement. No specific motive or technical indicators were disclosed in the available reporting.
Date: 2026-05-14T02:29:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922136
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Finland
Victim Industry: Information Services / Product Information
Victim Organization: RT Tuotetieto
Victim Site: rttuotetieto.fi
Alleged USDT Cryptocurrency Scam Scheme
Category: Phishing
Content: Users claiming to be from China unable to purchase USDT due to policy restrictions are offering to buy USDT at 15-20% above market price. The scheme involves confirming USDT ownership, making payment first, then requesting the victim send USDT – a classic advance-fee fraud pattern. Additional user posting as a trading company seeking USDT purchasers offering 10-25% commission.
Date: 2026-05-14T02:29:15Z
Network: telegram
Published URL: https://t.me/c/2613583520/81055
Screenshots:
None
Threat Actors: HK6880
Victim Country: Unknown
Victim Industry: Cryptocurrency/Finance
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of SteamSaun by DimasHxR
Category: Defacement
Content: On May 14, 2026, the threat actor DimasHxR defaced the website steamsaun.com, targeting a subdirectory within the sites public media folder. The attack appears to be an individual, non-mass defacement with no stated motive or team affiliation. The incident was archived and mirrored by zone-xsec.com under mirror ID 922147.
Date: 2026-05-14T02:28:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922147
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / E-commerce
Victim Organization: SteamSaun
Victim Site: steamsaun.com
Website Defacement of Stafford Outlet by DimasHxR
Category: Defacement
Content: On May 14, 2026, the Australian retail website staffordoutlet.com.au was defaced by the threat actor DimasHxR. The attacker targeted a subdirectory of the site, suggesting partial or targeted defacement rather than a full homepage takeover. No specific motive or team affiliation was reported in connection with this incident.
Date: 2026-05-14T02:28:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922143
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Retail
Victim Organization: Stafford Outlet
Victim Site: staffordoutlet.com.au
Alleged sale of stolen credit card data and account credentials
Category: Combo List
Content: Multiple threat actors advertising the sale of stolen credit card data and validation services. AllCards claims to produce and update 100k+ global credit cards daily with pricing at $1.2-2 per valid US card and $2.5-3 for other countries. Cococheck offers credit card verification services starting at $0.01 per check. Additional post advertises fresh databases of stolen credentials from UK, DE, JP, NL, BR, PL, ES, US, IT and other countries, including compromised accounts from eBay, Offerup, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, and webmail services.
Date: 2026-05-14T02:27:18Z
Network: telegram
Published URL: https://t.me/c/2613583520/81047
Screenshots:
None
Threat Actors: AllCards
Victim Country: Multiple countries
Victim Industry: Multiple (e-commerce, payment, travel, social commerce)
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of sshfin.com by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor identified as DimasHxR defaced the website sshfin.com, targeting a path within the public media customer directory. The defacement was a targeted single-site attack with no team affiliation reported. The attackers motive and technical details regarding the server infrastructure remain unknown.
Date: 2026-05-14T02:27:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922142
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: SSH Financial (sshfin)
Victim Site: sshfin.com
Sale of beginner fraud bundle including carding tutorials, fullz, and payment logs
Category: Carding
Content: A threat actor is selling a beginner bundle targeting newcomers to fraud, advertised as containing stolen credit cards, fullz, PayPal logs, BIN skippers, and various carding guides covering methods such as CC-to-BTC conversion, refund fraud, and cashout techniques. The bundle is promoted via a Telegram channel. No specific victim organization is identified.
Date: 2026-05-14T02:26:22Z
Network: openweb
Published URL: https://altenens.is/threads/luggageflag-united-kingdom-beginner-bundleluggage.2939364/unread
Screenshots:
None
Threat Actors: ynstank4
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Datenlogger-Store by DimasHxR
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias DimasHxR defaced the website of Datenlogger-Store, a German online retailer specializing in data logging equipment. The attack targeted a media directory path on the domain and was a targeted single-site defacement with no team affiliation reported. No specific motive or technical details were disclosed in association with the incident.
Date: 2026-05-14T02:26:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922152
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail / E-Commerce (Data Logging Equipment)
Victim Organization: Datenlogger Store
Victim Site: www.datenlogger-store.de
Website Defacement of Tailored Car Mats by DimasHxR
Category: Defacement
Content: On May 14, 2026, the attacker known as DimasHxR defaced a media subdirectory of tailoredcarmats.co.uk, a UK-based retailer specializing in automotive car mats. The defacement was a targeted, single-site attack with no team affiliation reported, and did not affect the sites homepage. No specific motive or server details were disclosed.
Date: 2026-05-14T02:25:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922149
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail / Automotive Accessories
Victim Organization: Tailored Car Mats
Victim Site: tailoredcarmats.co.uk
Sale of MIX Corporate and Educational Email Credential Combo List
Category: Combo List
Content: A threat actor is distributing a combo list of 20,111 corporate and educational email credentials in mail:pass format. The list is marketed as 100% valid. No specific organization or breach source is identified.
Date: 2026-05-14T02:24:40Z
Network: openweb
Published URL: https://crackingx.com/threads/75197/
Screenshots:
None
Threat Actors: dexter7
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Girlie Stuffs by DimasHxR
Category: Defacement
Content: On May 14, 2026, the website girliestuffs.com was defaced by a threat actor known as DimasHxR acting independently without a team affiliation. The defacement targeted a subdirectory of the site rather than the home page, suggesting a targeted intrusion into a specific media or custom content folder. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-14T02:24:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922125
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: Girlie Stuffs
Victim Site: girliestuffs.com
Alleged data breach of McKissock / Colibri Real Estate with extortion threat
Category: Data Breach
Content: A threat actor claims to have obtained over 3.3 million customer records from McKissock and its affiliated platform Colibri Real Estate, allegedly exposed via a shared API infrastructure. The stolen data purportedly includes PII (SSNs, drivers license numbers, dates of birth), payment details for over 500,000 students, employee records, and various documents including medical certificates and transcripts. The actor is threatening to publicly release the data via Telegram within seven days unles
Date: 2026-05-14T02:16:38Z
Network: openweb
Published URL: https://breached.st/threads/mckissock-com-colibri-real-estate-3-395-138-customer-records.87081/unread
Screenshots:
None
Threat Actors: deathwatch
Victim Country: United States
Victim Industry: Education
Victim Organization: McKissock / Colibri Real Estate
Victim Site: mckissock.com
Sale of corporate email:password combo list
Category: Combo List
Content: A threat actor is offering a combo list of approximately 2,400 corporate email and password pairs, marketed as high quality and private. The content is gated behind registration or login on the forum. No specific victim organization or industry is identified.
Date: 2026-05-14T02:05:36Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-2-4k-corp%E2%9A%AA-high-quality-private-combolist-1%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of streaming service combo list with 100K credentials
Category: Combo List
Content: A threat actor is offering a combo list of 100,000 email:password credential pairs purportedly targeting streaming services. The content is gated behind registration or login on the forum. No specific streaming platform or breach source is identified.
Date: 2026-05-14T02:05:06Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-100k-streaming-%E2%9A%AA-high-quality-private-combolist-1-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of USA email:password combo list
Category: Combo List
Content: A threat actor is offering a 100K USA email:password combo list described as high quality and private. The content is gated behind registration or login on the forum. No specific breached organization is identified.
Date: 2026-05-14T02:04:36Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-100k-usa-%E2%9A%AA-high-quality-private-combolist-1-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Gmail combo list with 100K credentials
Category: Combo List
Content: A threat actor is offering a combo list of 100,000 Gmail email:password pairs, marketed as high quality and private. The content is gated behind forum registration or login. Gmail is the credential-stuffing target, not the breach source.
Date: 2026-05-14T02:04:20Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-100k-gmail-%E2%9A%AA-high-quality-private-combolist-1-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cloned cards, CVV, dumps, and fullz across multiple regions
Category: Carding
Content: A threat actor operating under the alias MrDumpsCC is selling stolen payment card data including non-VBV credit cards, CVV/CCV, clone cards with ATM PINs, fullz, and Track 1/2 dumps for the US, UK, CA, AU, and EU regions. Physical cloned cards with ATM PINs are priced between $250 and $1,000 depending on balance, while individual CVVs and dumps are priced per unit. Contact is facilitated via Telegram.
Date: 2026-05-14T02:01:38Z
Network: openweb
Published URL: https://xforums.st/threads/sell-non-vbv-cc-cvv-ccv-clone-cards-carding-dumps.613786/
Screenshots:
None
Threat Actors: MrDumpsCC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of 10,000 stolen credit cards
Category: Data Leak
Content: User offering 10,000 credit cards for sale via pixeldrain file sharing link. Minimal details provided but clear commercial intent for stolen payment card data.
Date: 2026-05-14T01:51:10Z
Network: telegram
Published URL: https://t.me/c/2613583520/81037
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 69.1K mixed valid mail credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 69,100 mixed valid email credentials, marketed as private and high quality. The list is dated May 14, 2026, and is available for free to forum members upon reply.
Date: 2026-05-14T01:48:47Z
Network: openweb
Published URL: https://altenens.is/threads/69-1k-sparkles-mix-sparkles-valid-mail-access-14-05.2939305/unread
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Iqra Centre by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced a page on iqracentre.org, a website associated with an educational or Islamic religious organization. The defacement was a targeted, non-mass incident affecting a single page rather than the homepage. The attack was recorded and mirrored by zone-xsec.com with reference ID 922091.
Date: 2026-05-14T01:38:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922091
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Education / Religious Organization
Victim Organization: Iqra Centre
Victim Site: iqracentre.org
Website Defacement of HBC Carpentras by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website hbc-carpentras.com was defaced by a threat actor known as chinafans, affiliated with the group 0xteam. The defacement targeted a French handball club, HBC Carpentras, and was a single targeted incident rather than a mass or redefacement campaign. The attack details were archived and mirrored via zone-xsec.com.
Date: 2026-05-14T01:37:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922115
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: France
Victim Industry: Sports / Recreation
Victim Organization: HBC Carpentras
Victim Site: hbc-carpentras.com
Website Defacement of Atlantia Odyssee by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website atlantia-odyssee.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker uploaded a defacement file at the path /0x.txt, consistent with the teams naming convention. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-14T01:36:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922092
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Travel and Tourism
Victim Organization: Atlantia Odyssee
Victim Site: atlantia-odyssee.com
Website Defacement of LSNetworks by chinafans (0xTeam)
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, operating under the group 0xTeam, defaced a page on lsnetworks.com.br, a Brazilian internet/networking services provider. The defacement was a targeted, non-mass incident affecting a single page (0x.txt) on the victims domain. The attack was documented and mirrored by zone-xsec.com under mirror ID 922118.
Date: 2026-05-14T01:35:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922118
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Telecommunications / Internet Services
Victim Organization: LS Networks
Victim Site: lsnetworks.com.br
Website Defacement of Group IGS by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, threat actor chinafans operating under the team 0xteam defaced the website of Group IGS, targeting a text file at group-igs.com/0x.txt. The incident was a targeted defacement, not classified as a mass or home page defacement. The attack was mirrored and archived by zone-xsec.com.
Date: 2026-05-14T01:35:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922097
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Professional Services
Victim Organization: Group IGS
Victim Site: group-igs.com
Website Defacement of ingestic.cl by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor identified as chinafans, operating under the group 0xteam, defaced the Chilean website ingestic.cl by uploading a defacement file (0x.txt). The incident was a targeted single-site defacement with no additional technical indicators such as server software or IP address recorded.
Date: 2026-05-14T01:34:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922099
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: Ingestic
Victim Site: ingestic.cl
Sale of Germany mixed target combo list with 440,452 lines
Category: Combo List
Content: A threat actor shared a Germany-targeted mixed combo list containing 440,452 email:password lines on a public forum. The list appears to be compiled from multiple sources and marketed for credential stuffing purposes. No specific victim organization is identified.
Date: 2026-05-14T01:34:31Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-440-452-Lines-%E2%9C%85-DE-Germany-Mixed-Target-Combolist
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of drrahavard.com by chinafans (0xteam)
Category: Defacement
Content: The website drrahavard.com, associated with a medical professional or healthcare entity identified as Dr. Rahavard, was defaced by threat actor chinafans operating under the group 0xteam on May 14, 2026. The defacement was a targeted single-site attack, with the defaced content accessible at the path /0x.txt. A mirror of the defacement was archived at zone-xsec.com.
Date: 2026-05-14T01:33:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922109
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Dr. Rahavard
Victim Site: drrahavard.com
Sale of 8.2 million URL:Log:Pass stealer log credentials
Category: Logs
Content: A threat actor is distributing a private collection of 8.2 million URL:log:pass credential records, marketed as ultra-high quality (UHQ). The content is accessible via a hidden download link requiring forum registration or login, with contact available through Telegram.
Date: 2026-05-14T01:33:35Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%9A%A1-8-2M-URL-LOG-PASS-PRIVATE-UHQ%E2%9A%A1
Screenshots:
None
Threat Actors: RedCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of HomeOfficeExpert.fr by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website homeofficeexpert.fr was defaced by threat actor chinafans, operating under the group 0xteam. The attacker placed a defacement file (0x.txt) on the French home office products website. The incident was recorded as a single, non-mass defacement with no prior redefacement history.
Date: 2026-05-14T01:33:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922089
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: France
Victim Industry: Retail / Home Office Products
Victim Organization: Home Office Expert
Victim Site: homeofficeexpert.fr
Website Defacement of theyari.com by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website theyari.com was defaced by a threat actor using the handle chinafans, operating under the group 0xteam. The defacement was a targeted single-site intrusion, with the attacker leaving a calling card at theyari.com/0x.txt. The incident was catalogued and mirrored by zone-xsec.com under mirror ID 922103.
Date: 2026-05-14T01:32:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922103
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: The Yari
Victim Site: theyari.com
Website Defacement of GenesisWA by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, threat actor chinafans operating under the group 0xteam defaced the website genesiswa.com, leaving a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated compromise. A mirror of the defaced content was archived at zone-xsec.com.
Date: 2026-05-14T01:31:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922093
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Genesis WA
Victim Site: genesiswa.com
Website Defacement of German Legal Seminar Organization by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, affiliated with 0xteam, defaced a subdirectory of anwaltsseminare-minden.de, a German legal seminar organization based in Minden. The incident was a targeted single-page defacement, not classified as a mass or home page defacement. No specific motive or server details were disclosed.
Date: 2026-05-14T01:30:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922106
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Germany
Victim Industry: Legal Services / Education
Victim Organization: Anwaltsseminare Minden
Victim Site: anwaltsseminare-minden.de
Website Defacement of bellata.fr by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, operating under the team 0xteam, defaced the French website bellata.fr. The defacement was a targeted, single-site attack with a mirror archived at zone-xsec.com. No specific motive or server details were disclosed in connection with the incident.
Date: 2026-05-14T01:29:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922110
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: France
Victim Industry: Unknown
Victim Organization: Bellata
Victim Site: bellata.fr
Free IPTV M3U playlist list shared on cracking forum
Category: Combo List
Content: A forum user shared 25 M3U playlist files claimed to be verified working IPTV streams, distributed for free. The post is dated May 12, 2026 and links to an external IPTV service via Linktree. Content requires forum registration to access.
Date: 2026-05-14T01:29:55Z
Network: openweb
Published URL: https://crackingx.com/threads/75192/
Screenshots:
None
Threat Actors: ouaaka_06
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ Hotmail combo list
Category: Combo List
Content: A threat actor is offering a combo list of 1,465 claimed valid Hotmail credentials marketed as UHQ (ultra-high quality). The post advertises the list as sourced from a private cloud and includes a mix of valid accounts, with contact via Telegram for acquisition.
Date: 2026-05-14T01:29:37Z
Network: openweb
Published URL: https://crackingx.com/threads/75193/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of akbal.cl by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias chinafans, affiliated with 0xteam, defaced the Chilean website akbal.cl by uploading a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no mass or repeated defacement indicators recorded.
Date: 2026-05-14T01:29:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922096
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: Akbal
Victim Site: akbal.cl
Website Defacement of Pronto Pharmacy by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the website of Pronto Pharmacy on May 14, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, suggesting a targeted file-level intrusion. No specific motivation or technical details regarding the attack vector were disclosed.
Date: 2026-05-14T01:28:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922090
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Healthcare / Pharmacy
Victim Organization: Pronto Pharmacy
Victim Site: prontopharmacy.com
Website Defacement of Business Lounge SK by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website business-lounge.sk was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted, non-mass incident affecting a single page on the Slovak business services domain. No specific motivation or vulnerability details were disclosed in the available intelligence.
Date: 2026-05-14T01:27:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922112
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Slovakia
Victim Industry: Hospitality / Business Services
Victim Organization: Business Lounge
Victim Site: business-lounge.sk
Website Defacement of Funeraria Décio by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Funeraria Décio, a funeral services provider based in Portugal. The defacement was a targeted, single-site attack and does not appear to be part of a mass defacement campaign. A mirror of the defaced page has been archived at zone-xsec.com.
Date: 2026-05-14T01:27:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922101
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Portugal
Victim Industry: Funeral Services
Victim Organization: Funeraria Décio
Victim Site: funerariadecio.pt
Website Defacement of rajutesya.com by chinafans of 0xteam
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website rajutesya.com by uploading a defacement file at the path /0x.txt. The incident was recorded as a single-target, non-mass defacement. The attack details are archived via zone-xsec.com mirror.
Date: 2026-05-14T01:26:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922119
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Rajutesya
Victim Site: rajutesya.com
Website Defacement of bmz.sk by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the Slovak website bmz.sk on May 14, 2026. The defacement was a targeted, non-mass incident affecting a specific page rather than the homepage. No specific motive or server details were disclosed in connection with the attack.
Date: 2026-05-14T01:25:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922107
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Slovakia
Victim Industry: Unknown
Victim Organization: BMZ
Victim Site: bmz.sk
Website Defacement of Groupe CEB SARL by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the website of Groupe CEB SARL on May 14, 2026. The defacement was a targeted single-site incident, with the defacement content hosted at groupecebsarl.com/0x.txt. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-14T01:24:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922116
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Business Services
Victim Organization: Groupe CEB SARL
Victim Site: groupecebsarl.com
Website Defacement of gamrkit.com by chinafans (0xteam)
Category: Defacement
Content: The website gamrkit.com was defaced by threat actor chinafans operating under the group 0xteam on May 14, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, suggesting a targeted file-level intrusion. The incident was neither a mass defacement nor a redefacement, indicating a singular targeted attack against this platform.
Date: 2026-05-14T01:24:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922120
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Gaming / Technology
Victim Organization: GamrKit
Victim Site: gamrkit.com
Website Defacement of Maggio Wellness by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the threat actor chinafans, operating under the group 0xteam, defaced the website maggiowellness.com, targeting a file path /0x.txt. The incident was a targeted, non-mass defacement with no prior redefacement history recorded. A mirror of the defaced content was archived via zone-xsec.com.
Date: 2026-05-14T01:23:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922117
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Health & Wellness
Victim Organization: Maggio Wellness
Victim Site: maggiowellness.com
Website Defacement of XpertMarketing by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website xpertmarketing.pro was defaced by threat actor chinafans operating under the group 0xteam. The attack targeted a specific file path (/0x.txt) on the marketing-oriented domain. No specific motive, server details, or proof of concept were disclosed in connection with this incident.
Date: 2026-05-14T01:22:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922102
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Marketing
Victim Organization: Xpert Marketing
Victim Site: xpertmarketing.pro
Website Defacement of Nervana Health Clinic by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website of Nervana Health Clinic was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) on the clinics domain, indicating a targeted file-based defacement rather than a full homepage takeover. The incident was recorded and mirrored by zone-xsec.com under mirror ID 922095.
Date: 2026-05-14T01:21:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922095
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Nervana Health Clinic
Victim Site: nervanahealthclinic.com
Website Defacement of Tridenta Sales by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website tridenta-sales.com by uploading a defacement file at the path /0x.txt. The attack was a targeted, single-site defacement with no indication of mass or repeated defacement activity. Server and infrastructure details were not disclosed in the available intelligence.
Date: 2026-05-14T01:21:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922121
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Sales / Commerce
Victim Organization: Tridenta Sales
Victim Site: tridenta-sales.com
Website Defacement of Tlaciarengg by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias chinafans, affiliated with 0xteam, defaced the Slovak website tlaciarengg.sk by uploading a defacement file at the path /0x.txt. The incident was a targeted, non-mass defacement with no prior redefacement history recorded. The server environment and specific motivation behind the attack remain unknown.
Date: 2026-05-14T01:20:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922094
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Slovakia
Victim Industry: Printing / Commercial Services
Victim Organization: Tlaciarengg
Victim Site: tlaciarengg.sk
Website Defacement of Colony Stone by chinafans (0xteam)
Category: Defacement
Content: The website colonystone.com was defaced by threat actor chinafans, operating under the group 0xteam, on May 14, 2026. The defacement targeted a specific file path (/0x.txt) rather than the homepage, suggesting a targeted file-level intrusion. The incident was neither a mass defacement nor a redefacement, indicating a singular targeted attack against this organization.
Date: 2026-05-14T01:19:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/922098
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Construction / Building Materials
Victim Organization: Colony Stone
Victim Site: colonystone.com
Alleged sale of Openbullet 2 and Silverbullet configs with captcha bypass tools
Category: Malware
Content: Threat actor @DataxLogs advertising sale of credential stuffing/account takeover configs including Openbullet 2 and Silverbullet with bypass capabilities for multiple captcha types (hCaptcha, Cloudflare, reCAPTCHA v2/v3, Akamai, etc.). Offering APIs for Web, Android, iOS, and Windows platforms.
Date: 2026-05-14T01:15:39Z
Network: telegram
Published URL: https://t.me/c/2613583520/81016
Screenshots:
None
Threat Actors: DataxLogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Pertamina
Category: Data Leak
Content: A threat actor operating under the alias MR ELANG XPLOIT claims to have leaked a database associated with Pertamina, Indonesias state-owned oil and gas company. The data is being freely distributed via a MediaFire download link. No additional details regarding record count or specific data fields were provided in the post.
Date: 2026-05-14T01:15:34Z
Network: openweb
Published URL: https://breached.st/threads/leaks-database-pertamina.87080/unread
Screenshots:
None
Threat Actors: MR ELANG XPLOIT
Victim Country: Indonesia
Victim Industry: Energy
Victim Organization: Pertamina
Victim Site: sadikun.com
Alleged USDT Trading Scam and Money Laundering Operation
Category: Phishing
Content: Coordinated phishing/scam campaign operating across multiple accounts (changshen, Jolyn Stoler, Germany, Alexandr) in Squad Chat Marketplace. Operators pose as legitimate USDT traders offering commissions (10-25%) or purchasing USDT at premium rates (15-20% above market). Scheme uses classic advance-fee fraud tactics: we pay first, then you send USDT to establish trust before requesting funds or credentials. Targets individuals seeking to trade cryptocurrency, particularly those from China claiming policy restrictions. Contact handles: @Hgwh1688, @HK6880.
Date: 2026-05-14T01:13:05Z
Network: telegram
Published URL: https://t.me/c/2613583520/81003
Screenshots:
None
Threat Actors: changshen
Victim Country: China
Victim Industry: Cryptocurrency/Finance
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Migrinplus Vietnam by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor identified as chinafans, affiliated with the hacking group 0xteam, defaced the Vietnamese website migrinplus.vn by uploading a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no indication of mass defacement activity. The attack details are mirrored on zone-xsec.com under ID 921947.
Date: 2026-05-14T01:12:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921947
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Migrinplus
Victim Site: migrinplus.vn
Website Defacement of Manacon by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website manacon.co.uk was defaced by threat actor chinafans operating under the group 0xteam. The defacement was a targeted, single-site incident and does not appear to be part of a mass defacement campaign. A mirror of the defacement was archived at zone-xsec.com.
Date: 2026-05-14T01:12:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921958
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Manacon
Victim Site: manacon.co.uk
Website Defacement of gevetan.eu by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website gevetan.eu by uploading a defacement file at the path /0x.txt. The incident was a targeted, single-site defacement with no indication of mass or repeated compromise. No specific motivation or server details were disclosed.
Date: 2026-05-14T01:11:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921952
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: European Union
Victim Industry: Unknown
Victim Organization: Gevetan
Victim Site: gevetan.eu
Website Defacement of albertcasanovas.cat by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website albertcasanovas.cat, a personal or portfolio site hosted under the Catalan (.cat) domain. The defacement targeted a specific file path (0x.txt) and was not classified as a mass or home page defacement. No specific motivation or server details were disclosed in the available incident data.
Date: 2026-05-14T01:10:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921965
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Spain
Victim Industry: Personal/Portfolio
Victim Organization: Albert Casanovas
Victim Site: albertcasanovas.cat
Website Defacement of Pinnacle Unified by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website pinnacleunified.com was defaced by threat actor chinafans, operating under the group 0xteam. The defacement targeted a specific text file path (/0x.txt) on the domain. The incident was a single-target, non-mass defacement with no publicly disclosed motive or technical details.
Date: 2026-05-14T01:10:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921963
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Pinnacle Unified
Victim Site: pinnacleunified.com
Website Defacement of bihzemljabezprepreka.ba by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor operating under the alias chinafans and affiliated with 0xteam defaced the Bosnian website bihzemljabezprepreka.ba, uploading a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity. The attack was documented and mirrored by zone-xsec.com under record ID 921983.
Date: 2026-05-14T01:09:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921983
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Bosnia and Herzegovina
Victim Industry: Unknown
Victim Organization: Bih Zemlja Bez Prepreka
Victim Site: bihzemljabezprepreka.ba
Website Defacement of Inframundo Records by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website inframundo-records.com was defaced by threat actor chinafans operating under the group 0xteam. The defacement was a targeted single-site attack, not part of a mass defacement campaign. No specific motivation or server details were disclosed in connection with the incident.
Date: 2026-05-14T01:08:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921977
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Music / Entertainment
Victim Organization: Inframundo Records
Victim Site: inframundo-records.com
Website Defacement of loca4students.com by chinafans (0xteam)
Category: Defacement
Content: The website loca4students.com, a platform likely serving students, was defaced by threat actor chinafans operating under the team 0xteam on May 14, 2026. The defacement was a targeted, single-site attack with the defaced content hosted at the path /0x.txt. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-14T01:07:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921974
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Loca4Students
Victim Site: loca4students.com
Website Defacement of Pastor-Aleman.com by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website pastor-aleman.com was defaced by threat actor chinafans, operating under the group 0xteam. The attacker placed a defacement file at the path /0x.txt on the target server. The incident was a targeted, single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-05-14T01:07:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921973
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Religion / Religious Services
Victim Organization: Pastor Aleman
Victim Site: pastor-aleman.com
Website Defacement of Renzisanta Arredamenti by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the Italian furniture and interior design company Renzisanta Arredamenti had its website defaced by a threat actor known as chinafans, operating under the group 0xteam. The attack was a targeted single-site defacement, with the defaced page archived via zone-xsec.com. No specific motivation or additional technical details were disclosed.
Date: 2026-05-14T01:06:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921975
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Italy
Victim Industry: Furniture / Interior Design
Victim Organization: Renzisanta Arredamenti
Victim Site: renzisantaarredamenti.it
Website Defacement of BHR Group by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website bhrgroup.net was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site attack, with a mirror of the defaced page archived at zone-xsec.com. No specific motive or vulnerability details were disclosed.
Date: 2026-05-14T01:05:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921960
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: BHR Group
Victim Site: bhrgroup.net
Website Defacement of vinsolle.com by chinafans (0xteam)
Category: Defacement
Content: The website vinsolle.com was defaced by threat actor chinafans, operating under the group 0xteam, on May 14, 2026. The defacement targeted a specific file path (0x.txt) rather than the sites homepage, indicating a targeted file-level intrusion. A mirror of the defacement has been archived on zone-xsec.com.
Date: 2026-05-14T01:04:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921979
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Vinsolle
Victim Site: vinsolle.com
Website Defacement of Prestige Property Finance by chinafans (0xTeam)
Category: Defacement
Content: On May 14, 2026, the website of Prestige Property Finance, a property finance company, was defaced by a threat actor operating under the handle chinafans and affiliated with the group 0xTeam. The defacement targeted a specific subdirectory of the domain rather than the homepage. No server details or stated motive were recorded for this incident.
Date: 2026-05-14T01:04:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921968
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United Kingdom
Victim Industry: Financial Services
Victim Organization: Prestige Property Finance
Victim Site: prestigepropertyfinance.com
Combo List targeting Hotmail accounts across multiple countries
Category: Combo List
Content: A threat actor is distributing credential-stuffing configurations targeting Hotmail accounts from multiple countries including the UK, US, France, Brazil, Mexico, and Italy. The post directs users to an external paste link for daily drops of multi-country combo lists. No specific record count or pricing was mentioned.
Date: 2026-05-14T01:03:46Z
Network: openweb
Published URL: https://patched.to/Thread-cool-config-cloud-hotmail-uk-us-fr-br-mx-it
Screenshots:
None
Threat Actors: Coolconfigcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of higueras.net by chinafans of 0xteam
Category: Defacement
Content: On May 14, 2026, the website higueras.net was defaced by threat actor chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with the defaced content accessible via a text file at higueras.net/0x.txt. The attack was mirrored and archived by zone-xsec.com under mirror ID 921967.
Date: 2026-05-14T01:03:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921967
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Higueras
Victim Site: higueras.net
Sale of Hotmail combo list (0.1K credentials)
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 100 Hotmail credentials marketed as high quality mail access. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-14T01:03:17Z
Network: openweb
Published URL: https://patched.to/Thread-0-1k-hq-hotmail-mail-access-combolist-302113
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Revisiones Tecnicas Colon by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website revisionestecnicascolon.com was defaced by threat actor chinafans operating under the team 0xteam. The attack was a targeted single-site defacement, not classified as a mass or home page defacement. The organization appears to be a vehicle technical inspection service, likely operating in a Spanish-speaking country based on the domain name.
Date: 2026-05-14T01:02:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921962
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Automotive / Vehicle Inspection Services
Victim Organization: Revisiones Tecnicas Colon
Victim Site: revisionestecnicascolon.com
Alleged sale of Hotmail credentials and combolists across multiple countries
Category: Combo List
Content: Seller offering private cloud Hotmail UHQ (ultra high quality) credentials and combolists for multiple countries including DE, FR, IT, BR, UK, US, JP, PL, RU, ES, NL, MX, CA, SP, SG. Also advertising access to kleinanzeigen, eBay, Reddit, Poshmark, Depop, and Walmart/Amazon accounts. Seller indicates serious buyers only and offers keyword verification.
Date: 2026-05-14T01:02:23Z
Network: telegram
Published URL: https://t.me/c/2613583520/81010
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: hotmail.com, ebay.com, amazon.com, walmart.com, reddit.com, poshmark.com, depop.com, kleinanzeigen.de
Website Defacement of leberinfo.de by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the German website leberinfo.de by uploading a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeat defacement activity.
Date: 2026-05-14T01:02:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921957
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Leberinfo
Victim Site: leberinfo.de
Website Defacement of elioscenterdal1982.com by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website elioscenterdal1982.com by uploading a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity. No specific motive or server details were disclosed.
Date: 2026-05-14T01:01:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921948
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Elios Center Dal
Victim Site: elioscenterdal1982.com
Website Defacement of Fundacion Reny Picot by chinafans (0xteam)
Category: Defacement
Content: The website of Fundacion Reny Picot, a non-profit foundation, was defaced by a threat actor operating under the handle chinafans, affiliated with the group 0xteam. The defacement was recorded on May 14, 2026, targeting a specific file path on the organizations web server. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-05-14T01:00:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921970
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Spain
Victim Industry: Non-Profit / Foundation
Victim Organization: Fundacion Reny Picot
Victim Site: fundacionrenypicot.org
Website Defacement of Costa Rica Best Tours by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the travel and tourism website costaricabesttours.com was defaced by threat actor chinafans, operating under the group 0xteam. The defacement was a targeted, single-site incident and does not appear to be part of a mass defacement campaign. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-14T00:59:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921981
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Costa Rica
Victim Industry: Travel and Tourism
Victim Organization: Costa Rica Best Tours
Victim Site: costaricabesttours.com
Website Defacement of Elettric Train by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the website elettrictrain.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker placed a defacement file at the path /0x.txt on the target server. No specific motive, proof of concept, or additional technical details were disclosed alongside the incident.
Date: 2026-05-14T00:59:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921951
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Retail / Hobby & Collectibles
Victim Organization: Elettric Train
Victim Site: elettrictrain.com
Website Defacement of Creativa Paisaje Mexico by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Creativa Paisaje Mexico, a landscaping and outdoor design company based in Mexico. The incident was a targeted single-site defacement, not classified as a mass or home page defacement. The attack was documented and mirrored via zone-xsec.com.
Date: 2026-05-14T00:58:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921971
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Mexico
Victim Industry: Landscaping / Outdoor Design Services
Victim Organization: Creativa Paisaje Mexico
Victim Site: creativapaisajemexico.com
Website Defacement of The Roasted Roots by chinafans (0xteam)
Category: Defacement
Content: The website theroastedroots.com was defaced by threat actor chinafans operating under the group 0xteam on May 14, 2026. The defacement targeted a food and beverage related website, with the attacker leaving a marker file at the path /0x.txt. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-05-14T00:57:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921972
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Food & Beverage
Victim Organization: The Roasted Roots
Victim Site: theroastedroots.com
Website Defacement of Encuentros Espirituales by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, the Spanish spiritual/religious website encuentrosespirituales.es was defaced by threat actor chinafans operating under the group 0xteam. The attack was a targeted single-page defacement, not a mass or home page compromise. No specific motivation or server details were disclosed in the available incident data.
Date: 2026-05-14T00:56:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921953
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Spain
Victim Industry: Religion & Spirituality
Victim Organization: Encuentros Espirituales
Victim Site: encuentrosespirituales.es
Website Defacement of Residence Zum Roessl by chinafans (0xteam)
Category: Defacement
Content: On May 14, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Residence Zum Roessl, an Italian hospitality establishment. The defacement was a targeted, single-site incident with no indication of mass or repeated defacement activity. The attacker left a text file (0x.txt) as evidence of the compromise.
Date: 2026-05-14T00:55:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921954
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Italy
Victim Industry: Hospitality / Tourism
Victim Organization: Residence Zum Roessl
Victim Site: residencezumroessl.it
Website Defacement of trtnyc.com by chinafans (0xteam)
Category: Defacement
Content: The website trtnyc.com was defaced by threat actor chinafans, operating under the group 0xteam, on May 14, 2026. The defacement was a targeted single-site attack, leaving a text file at the path /0x.txt as evidence of compromise. No specific motive or server details were disclosed in association with this incident.
Date: 2026-05-14T00:55:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/921950
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Unknown
Victim Organization: TRT NYC
Victim Site: trtnyc.com
Sale of 100K corporate combo list targeting US and EU
Category: Combo List
Content: A threat actor is distributing a text file containing 100,000 credentials marketed as private, premium, and fresh as of May 2026, targeting corporate accounts across the US and EU. The post provides a download link with no further details on the source of the credentials.
Date: 2026-05-14T00:34:12Z
Network: openweb
Published URL: https://cracked.st/Thread-100K-CORP-US-EU-PRIVATE-PREMIUM-VALIDS-UNIQUE-FRESH-MAY-2026
Screenshots:
None
Threat Actors: artmolchanov
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 1,469 fresh lines
Category: Combo List
Content: A threat actor shared a combo list containing 1,469 credential lines targeting Hotmail accounts, marketed as fresh. The post was made on a public cracking forum with no additional details available.
Date: 2026-05-14T00:33:52Z
Network: openweb
Published URL: https://cracked.st/Thread-x1469-Hotmail-Fresh-Lines
Screenshots:
None
Threat Actors: stvannx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of 200K URL:Login:Password combo list
Category: Combo List
Content: A threat actor has shared a combo list of 200,000 URL:login:password lines on a public forum. The credentials are marketed as high quality and suitable for multiple use cases. The list is dated May 2026.
Date: 2026-05-14T00:33:48Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-200K-ULP-PRIVATE-LINES%E2%9A%A1HIGH-QUALITY%E2%9A%A1MIX-USE-FOR-ANYTHING-YOU-NEED%E2%9A%A1-MAY-2026
Screenshots:
None
Threat Actors: artmolchanov
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged combo list of mixed fresh credential lines
Category: Combo List
Content: A forum user shared what appears to be a combo list containing 2,239 mixed credential lines marketed as fresh. No additional details about the targeted services or data origin are available from the post content.
Date: 2026-05-14T00:33:24Z
Network: openweb
Published URL: https://cracked.st/Thread-x2239-Mix-Fresh-Lines
Screenshots:
None
Threat Actors: stvannx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Heimdallar email checker and IMAP viewer tool with multi-provider support
Category: Combo List
Content: A forum user is offering a tool called Heimdallar, described as a mail checker and IMAP viewer supporting 17 modules including Yahoo and Gmail. The tool appears designed for credential validation and email account access checking across multiple providers.
Date: 2026-05-14T00:33:19Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8FHeimdallar-Email-checker-and-Imap-Viewer-17-Modules-Yahoo-Gmail-etc-supported
Screenshots:
None
Threat Actors: Heimdaller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 100K corporate US combo list
Category: Combo List
Content: A threat actor is distributing a combo list of 100,000 credentials allegedly targeting corporate US accounts, marketed as private, premium, and fresh as of May 2026. The content is gated behind forum registration or login. No specific breached organization is identified.
Date: 2026-05-14T00:32:56Z
Network: openweb
Published URL: https://patched.to/Thread-shopping-100k-corp-usa-private-premium-valids-unique-fresh-may-2026
Screenshots:
None
Threat Actors: BaggerraYZ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 100K mixed email and password combo list
Category: Combo List
Content: A threat actor is selling a combo list of approximately 100,000 email:password and user:password credential pairs. The list is advertised as high quality and targets multiple email providers including AOL, Yahoo, Hotmail, and Outlook, spanning multiple countries. The seller is accepting inquiries via Telegram.
Date: 2026-05-14T00:17:50Z
Network: openweb
Published URL: https://crackingx.com/threads/75190/
Screenshots:
None
Threat Actors: alex12
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Mixed Country Education Email Combo List
Category: Combo List
Content: A threat actor is distributing a combo list of 83,239 email and password pairs allegedly associated with education sector accounts across multiple countries. The list is being shared on a public combolist forum.
Date: 2026-05-14T00:02:14Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-83-239-Mixed-Country-Education-Mail-Pass
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Combo List: UHQ Hotmail credentials (5K)
Category: Combo List
Content: A threat actor is distributing a combo list of 5,000 Hotmail credentials marketed as fresh and high quality. The list is intended for credential stuffing against Hotmail accounts.
Date: 2026-05-14T00:01:54Z
Network: openweb
Published URL: https://cracked.st/Thread-5K-UHQ-HOTMAIL-COMBO-FRESH–2093523
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ Outlook combo list containing 1.3K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1,300 Outlook credentials marketed as fresh and high quality. The post is sponsored by an AIO (all-in-one) checker service. The named service is a credential-stuffing target, not the breach victim.
Date: 2026-05-14T00:01:34Z
Network: openweb
Published URL: https://cracked.st/Thread-1-3K-UHQ-OUTLOOK-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ Yahoo combo list with 1.3K credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 1,300 Yahoo credentials marketed as ultra-high quality and fresh. The post is sponsored by an AIO tool service. As a combo list, Yahoo is the credential-stuffing target, not the breach victim.
Date: 2026-05-14T00:01:13Z
Network: openweb
Published URL: https://cracked.st/Thread-1-3k-UHQ-YAHOO-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ Gmail combo list with 35,000 credentials
Category: Combo List
Content: A threat actor is distributing a combo list advertised as containing 35,000 UHQ Gmail credentials marketed as fresh. The post is sponsored by an AIO checker service, suggesting the list may be intended for credential stuffing.
Date: 2026-05-14T00:00:53Z
Network: openweb
Published URL: https://cracked.st/Thread-35K-UHQ-GMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: UHQ Mixed Mail Combo
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 8,300 mixed email credentials, marketed as UHQ and fresh. The post is sponsored by slateaio.com.
Date: 2026-05-14T00:00:34Z
Network: openweb
Published URL: https://cracked.st/Thread-8-3K-UHQ-MIXED-MAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Ban and unban service offered on cybercrime forum
Category: Services
Content: A forum user is advertising a ban and unban service, claiming over 200 vouches and marketing the offering as fast and cheap. The service appears to involve manipulating account bans on unspecified platforms.
Date: 2026-05-14T00:00:03Z
Network: openweb
Published URL: https://patched.to/Thread-diamond-%E2%9C%85-1-golden-s-ban-unban-service-fast-cheap-200-vouches%E2%9C%85
Screenshots:
None
Threat Actors: GoldenIDs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown