[May-19-2026] Daily Cybersecurity Threat Report

Detected Incidents Draft Data

  1. Distribution of 4.6GB URL:Login:Password combo list extracted from stealer logs
    Category: Combo List
    Content: A threat actor has freely shared a 4.6GB dataset of URL:LOGIN:PASS credential lines reportedly extracted from stealer logs. The data is distributed without charge on a public forum. No specific victim organization or service is identified.
    Date: 2026-05-18T23:55:26Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-4-6GB-URL-LOGIN-PASS-lines-From-LOGS–2096031
    Screenshots: None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Free release of 144 million URL:Login:Pass combo list
    Category: Combo List
    Content: A threat actor on Cracked.st has shared a combo list containing 144 million URL:login:password credential pairs, marketed as high quality. The post does not attribute the credentials to any specific breach or organization.
    Date: 2026-05-18T23:55:08Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-144M-%E2%9A%A1-URL-LOGIN-PASS-HQ-%E2%9A%A1
    Screenshots: None
    Threat Actors: DevelMakss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  3. Sale of Hotmail combo list by BatmanMail
    Category: Combo List
    Content: A forum user operating as BatmanMail is distributing a combo list of Hotmail email and password pairs. The post provides a download link with minimal additional detail. This appears to be a credential stuffing resource targeting Hotmail accounts.
    Date: 2026-05-18T23:54:37Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-Private-Hotmail-BatmanMail-4
    Screenshots: None
    Threat Actors: BatmanMail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  4. Sale of 5K email credential combo list
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 5,000 mixed email:password credential pairs marketed as mail access. The post was made on a public cracking forum and appears to be freely distributed.
    Date: 2026-05-18T23:54:19Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-5k-Mix-lines-Mail-Access–2096028
    Screenshots: None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Hotmail combo list with 6.3K credentials shared on cracking forum
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 6,300 Hotmail email and password pairs on a cracking forum. The post is described as a bump, suggesting the content was previously shared. The credentials are marketed as valid mail access.
    Date: 2026-05-18T23:54:02Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-6-3K-%E2%9C%A8-HOTMAIL-MIX-VALID-MAIL-ACCESS-%E2%9C%A8
    Screenshots: None
    Threat Actors: DevelMakss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Combo List of Hotmail credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 1,000 Hotmail email:password credentials. The post is shared freely in exchange for likes and reputation points. The dataset is marketed as providing mail access.
    Date: 2026-05-18T23:53:45Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1k-Hotmail-lines-Mail-Access–2096029
    Screenshots: None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Sale of email and password combo list by BatmanMail
    Category: Combo List
    Content: A forum user known as BatmanMail is distributing a private mixed email and password combo list. The post contains a download link with no further details about the source, record count, or targeted services.
    Date: 2026-05-18T23:53:19Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-Private-Mix-BatmanMail-3
    Screenshots: None
    Threat Actors: BatmanMail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Alleged cyber attack on Georgian Judo Federation (gjf.ge)
    Category: Cyber Attack
    Content: Threat actor group 404Crew Cyber Team claims to have hacked the official website of the Georgian Judo Federation at gjf.ge. No further details or proof were provided in the post.
    Date: 2026-05-18T23:49:34Z
    Network: openweb
    Published URL: https://breached.st/threads/gjf-ge-georgian-judo-federations-official-sports-site-hacked.87354/unread
    Screenshots: None
    Threat Actors: 404Crew Cyber Team
    Victim Country: Georgia
    Victim Industry: Sports
    Victim Organization: Georgian Judo Federation
    Victim Site: gjf.ge
  9. Website Defacement of CKM-OSS by 0xSHALL of FOURSDEATH TEAM
    Category: Defacement
    Content: On May 19, 2026, the website ckm-oss.nl was defaced by threat actor 0xSHALL operating under the group FOURSDEATH TEAM. The attacker targeted a specific page (zxc.html) rather than the homepage, indicating a targeted page-level defacement. The incident was recorded and mirrored by zone-xsec.com under mirror ID 924749.
    Date: 2026-05-18T23:47:43Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924749
    Screenshots: None
    Threat Actors: 0xSHALL, FOURSDEATH TEAM
    Victim Country: Netherlands
    Victim Industry: Unknown
    Victim Organization: CKM-OSS
    Victim Site: ckm-oss.nl
  10. Carding tutorial and mentorship service offered for major retail platforms
    Category: Carding
    Content: A threat actor is advertising carding mentorship services targeting multiple retail and payment platforms including Apple Pay, Walmart, Amazon, Best Buy, Nike, and others. The post solicits newcomers to contact the actor via a listed handle to learn fraudulent order placement techniques. No specific breach or dataset is referenced.
    Date: 2026-05-18T23:41:10Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Newbies-message-me-If-you-tryna-mash-orders–204669
    Screenshots: None
    Threat Actors: richaytt
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Forum inquiry on darknet vendor operational security practices
    Category: Chatter
    Content: A user on the Dread darknet forum is soliciting operational guidance on becoming a vendor, including questions about sender address obfuscation, crypto-based postage payment, and anonymity setup. The post does not reference a specific victim or threat action but indicates intent to conduct illicit marketplace activity.
    Date: 2026-05-18T23:39:12Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/3ff9e04aa8bd21c65f94
    Screenshots: None
    Threat Actors: jwetting 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  12. Sale of Yahoo combo list with 30,000 credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of 30,000 Yahoo credentials on a forum. The content is hidden behind a registration or login requirement. This is a credential list intended for use against Yahoo accounts, not indicative of a breach of Yahoo itself.
    Date: 2026-05-18T23:36:53Z
    Network: openweb
    Published URL: https://patched.to/Thread-30k-yahoo-private-combolist
    Screenshots: None
    Threat Actors: bygbb
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  13. Sale of mixed email access combo list
    Category: Combo List
    Content: A threat actor is distributing a mixed combo list of 133.1K claimed valid email credentials, marketed as private and UHQ. The content is hidden behind a forum registration/login wall and is dated 19 May 2026.
    Date: 2026-05-18T23:35:53Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-133-1K-%E2%9C%A8-Mix-%E2%9C%A8-Valid-Mail-Access-19-05
    Screenshots: None
    Threat Actors: RedCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  14. Alleged data leak of IKEA user database
    Category: Data Leak
    Content: A threat actor is freely distributing an alleged user database from ikea.com containing approximately 600,000 records. The post claims to share user data at no cost, though no sample details were visible in the post content.
    Date: 2026-05-18T23:33:15Z
    Network: openweb
    Published URL: https://breached.st/threads/600-k-data-base-user-ikea-com.87353/unread
    Screenshots: None
    Threat Actors: BabayoErorSystem
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: IKEA
    Victim Site: ikea.com
  15. Alleged leak of IKEA user database
    Category: Data Breach
    Content: A user in the BABAYO EROR SYSTEM channel claims to be sharing/distributing a user database allegedly from IKEA. The post indicates the database is being loaded and sent, suggesting distribution of stolen user data.
    Date: 2026-05-18T23:31:35Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/971
    Screenshots: None
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: IKEA
    Victim Site: ikea.com
  16. Alleged data breach of IKEA affecting 600,000 users
    Category: Data Breach
    Content: A thread on breached.st claims a database breach of IKEA affecting approximately 600,000 user records. The post references a URL to a breached data forum discussing the alleged compromise.
    Date: 2026-05-18T23:27:24Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/970
    Screenshots: None
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Sweden
    Victim Industry: Retail
    Victim Organization: IKEA
    Victim Site: ikea.com
  17. Combo list of 500,000 US email credentials from K2 stealer logs
    Category: Combo List
    Content: A threat actor has shared a combo list of 500,000 email:password pairs sourced from K2 stealer logs, targeting US-based accounts across Comcast, Yahoo, AOL, Charter, and Cox email providers. The credentials are marketed as fresh and untouched. The list is available for free download upon forum reply or via points redemption.
    Date: 2026-05-18T23:22:08Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-500k-K2-USA-COMCAST-YAHOO-MIX-EMAIL-PASS-Fresh
    Screenshots: None
    Threat Actors: firstweekout
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  18. Combo List of 350,000 Email:Password Credentials Targeting Steam/Gaming
    Category: Combo List
    Content: A threat actor is distributing a combo list of 350,000 email:password pairs sourced from K2T stealer logs, marketed as fresh and targeted toward Steam/gaming accounts. The list includes credentials from various email providers including Hotmail, Outlook, and Live domains. The post is available via hidden content requiring forum points or a reply.
    Date: 2026-05-18T23:21:16Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-350k-K2-GAMING-STEAM-EMAIL-PASS-Fresh
    Screenshots: None
    Threat Actors: firstweekout
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  19. Combo list of 150,000 Hotmail credentials marketed as gaming-focused and fresh
    Category: Combo List
    Content: A threat actor is distributing a combo list of 150,000 Hotmail email:password pairs sourced from the K2T stealer, dated 2026-05-15. The list is marketed as gaming-focused and fresh, with credentials spanning FR, CN, and US regions. The content is available behind a forum reply gate or point-based unlock.
    Date: 2026-05-18T23:20:35Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-150k-K2-HQ-GAMING-HOTMAIL-FR-CN-US-Email-Pass-Fresh
    Screenshots: None
    Threat Actors: firstweekout
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  20. Mass Defacement of Pioneer Indonesia by skyrdp (seonusantara)
    Category: Defacement
    Content: On May 19, 2026, threat actor skyrdp, operating under the team seonusantara, conducted a mass defacement attack against pioneerindonesia.co.id, targeting a non-homepage URL on a Linux-based server. The defacement was part of a broader mass defacement campaign and was archived via haxor.id.
    Date: 2026-05-18T23:19:24Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249381
    Screenshots: None
    Threat Actors: skyrdp, seonusantara
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Pioneer Indonesia
    Victim Site: pioneerindonesia.co.id
  21. Sale of pay-per-install malware loader traffic service (SubLoads)
    Category: Services
    Content: A threat actor operating under the name SubLoads is advertising a pay-per-install (PPI) traffic service capable of executing malicious files (.exe, .msi, .bat, .ps1) on victim machines across US, Canada, European, and worldwide targets. The service is fully automated via a Telegram bot with real-time statistics, with pricing starting at $15 for 100 loads up to $570 for 10,000 loads. Loads are counted only upon successful file execution, indicating a results-based delivery model commonly used t
    Date: 2026-05-18T23:18:17Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-SubLoads-%E2%9C%85-Loads-running-24-7-%E2%9C%85-All-geo-traffic-%E2%86%92-%E2%9C%94%EF%B8%8FUS-%E2%9C%94%EF%B8%8FCA-%E2%9C%94%EF%B8%8FEurope-%E2%9C%94%EF%B8%8FWorld-Mix–2096016
    Screenshots: None
    Threat Actors: SubLoads
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Sale of email access combo list with 28,000 records
    Category: Combo List
    Content: A threat actor is offering a combo list of 28,000 email access credentials marketed as fresh. The post is gated behind registration or login and no further details about the source or targeted services are available.
    Date: 2026-05-18T23:16:44Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-28K-FRESH-MAIL-ACCESS-MIX
    Screenshots: None
    Threat Actors: AlphaCld2
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  23. Alleged data leak of General Directorate of Public Accounting and Treasury of Nigeria (DGCPT)
    Category: Data Leak
    Content: A threat actor claims a ransomware group attacked the General Directorate of Public Accounting and Treasury of Nigeria on May 10, 2026, encrypting and exfiltrating over 70 GB of data. The leaked data reportedly includes employee PII such as names, phone numbers, bank account details, and RIB information, along with additional SQL database files. The data has been made available behind a points-gated hidden content section on the forum.
    Date: 2026-05-18T23:11:41Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DGCPT-Nigerian-Leak-Data–189436
    Screenshots: None
    Threat Actors: 0xSec
    Victim Country: Nigeria
    Victim Industry: Government
    Victim Organization: General Directorate of Public Accounting and Treasury of Nigeria
    Victim Site: Unknown
  24. Alleged data breach of Econet Editora
    Category: Data Breach
    Content: A threat actor is offering for sale a purported full database dump of Econet Editora, a Brazilian educational publishing platform. The dataset is claimed to be 163 GB and includes email addresses, plain text passwords, and additional unspecified data. The seller has threatened to leak the data publicly if no payment is received.
    Date: 2026-05-18T23:11:16Z
    Network: openweb
    Published URL: https://breached.st/threads/selling-econeteditora-com-br-full-database-163-gb.87350/unread
    Screenshots: None
    Threat Actors: joaoestrella
    Victim Country: Brazil
    Victim Industry: Education
    Victim Organization: Econet Editora
    Victim Site: econeteditora.com.br
  25. Alleged data leak of Disdukcapil Pemerintah Kota Makassar
    Category: Data Leak
    Content: A threat actor has leaked an alleged 2.1GB database attributed to Disdukcapil (Civil Registry and Population Administration) of Makassar City Government, Indonesia. The post includes a sample and code snippet. The dataset likely contains citizen personal and civil registration data given the nature of the agency.
    Date: 2026-05-18T23:10:24Z
    Network: openweb
    Published URL: https://breached.st/threads/2-1gb-database-disdukcapil-pemerintah-kota-makassar.87348/unread
    Screenshots: None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Disdukcapil Pemerintah Kota Makassar
    Victim Site: Unknown
  26. Sale of CRM source code for Seguros La Union (Ecuador)
    Category: Data Breach
    Content: A threat actor is offering for sale the PHP source code of a CRM system implemented at Ecuadorian insurance company Seguros La Union. The post includes a Session contact identifier and claims the code was used internally by the insurer.
    Date: 2026-05-18T23:09:57Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Source-Code-CRM-Seguros-La-Union
    Screenshots: None
    Threat Actors: V0lt4r0x
    Victim Country: Ecuador
    Victim Industry: Finance
    Victim Organization: Seguros La Union
    Victim Site: Unknown
  27. Alleged data breach of İşbank Georgia
    Category: Data Breach
    Content: The threat actor group 404Crew Cyber Team claims to have hacked İşbank Georgia and obtained bank data. No further details are available as the post contains no content.
    Date: 2026-05-18T23:09:53Z
    Network: openweb
    Published URL: https://breached.st/threads/bank-data-in-isbank-georgia-georgia-hacked.87349/unread
    Screenshots: None
    Threat Actors: 404Crew Cyber Team
    Victim Country: Georgia
    Victim Industry: Finance
    Victim Organization: İşbank Georgia
    Victim Site: Unknown
  28. Hotmail combo list with 500K credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 500,000 Hotmail email and password pairs, marketed as fresh credentials. The post is categorized as a credential stuffing resource targeting Hotmail accounts.
    Date: 2026-05-18T23:04:14Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-500k-K2-HOTMAIL-FRESH-EMAIL-PASS
    Screenshots: None
    Threat Actors: firstweekout
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  29. Forum chatter: User inquiry about Styx Market official onion link
    Category: Chatter
    Content: A forum user on Dread is asking for the official onion link to Styx Market, noting multiple links are circulating. The post contains no threat content and is general marketplace navigation chatter.
    Date: 2026-05-18T23:02:24Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/a304a34ce7abc5157a64
    Screenshots: None
    Threat Actors: jimmy102310 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  30. Free distribution of fresh stealer logs (1.5GB)
    Category: Logs
    Content: A forum user is freely distributing 1.5GB of stealer logs dated May 18, 2026. The post is a bump with no additional details about victim organizations or geographic scope.
    Date: 2026-05-18T23:02:08Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-%E2%AD%90%EF%B8%8FLOGS-FRESH-1-5GB-FROM-18-05-2026%E2%AD%90%EF%B8%8F-%E2%98%81
    Screenshots: None
    Threat Actors: hellall
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  31. Free distribution of fresh browser cookies/session logs
    Category: Logs
    Content: A forum user shared what are described as fresh browser cookies dated 2026-05-19. The post appears to be a bump of a prior thread distributing session cookies at no charge. No specific victim organization or record count is identified.
    Date: 2026-05-18T23:01:52Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-%E2%AD%90%EF%B8%8F-Cookies-Fresh-2026-05-19%E2%AD%90%EF%B8%8F-%E2%98%81
    Screenshots: None
    Threat Actors: hellall
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  32. Alleged breach of Disdukcapil database – Makassar City Government, Indonesia
    Category: Data Breach
    Content: A threat actor operating under the handle mr-hanz-xploit has posted a 2.1GB database dump allegedly from Disdukcapil (Directorate General of Population and Civil Registry) belonging to Makassar City Government on Breachforums. Disdukcapil databases contain sensitive citizen identification and civil registry data.
    Date: 2026-05-18T23:01:31Z
    Network: telegram
    Published URL: https://t.me/DeepCoreNetwork/195
    Screenshots: None
    Threat Actors: mr-hanz-xploit
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Disdukcapil Makassar City Government
    Victim Site: Unknown
  33. Alleged combo list of corporate email credentials with 145,990 lines
    Category: Combo List
    Content: A forum user shared a combo list advertised as containing 145,990 corporate email and password pairs. The post is labeled as a 2026 leak. No specific victim organization or breach source is identified.
    Date: 2026-05-18T23:01:24Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-145-990-Lines-%E2%9C%85-Corp-mail-pass-Leaks-2026
    Screenshots: None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  34. Combo List of Worldwide Hotmail Credentials
    Category: Combo List
    Content: A threat actor posted a combo list of Hotmail credentials on a public forum, marketed as fresh and high-quality lines dated 19.05.26. The post directs users to a Telegram channel for access to the content.
    Date: 2026-05-18T23:01:07Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%A8-FRESH-WORLDWIDE-HQ-HOTMAIL-LINES-19-05-26-02-%E2%9C%A8
    Screenshots: None
    Threat Actors: Lulpab
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Sale of All-in-One AI Video and Image Generation Service
    Category: Services
    Content: A forum user is selling a subscription-based service providing access to multiple AI video and image generation tools, including Seedance 2.0 and Kling V3, priced at $44.99 per month. The service is advertised via a storefront and Telegram/Discord channels. This appears to be a commercial reselling operation with no specific victim or threat activity.
    Date: 2026-05-18T23:00:25Z
    Network: openweb
    Published URL: https://patched.to/Thread-nova-%E2%AD%90all-in-one-video-and-image-ai-seedance-2-0-kling-v3-%E2%9C%85and-much-more%E2%AD%90only-44-99
    Screenshots: None
    Threat Actors: pollymydolly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  36. Sale of all-in-one AI video and image generation service
    Category: Services
    Content: A forum user is selling a subscription-based all-in-one AI video and image generation service for $44.99 per month, advertised as including access to tools such as Seedance 2.0 and Kling V3. The service is offered via a third-party storefront and supported through Telegram and Discord channels.
    Date: 2026-05-18T23:00:20Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%AD%90ALL-IN-ONE-VIDEO-AND-IMAGE-AI-SEEDANCE-2-0-KLING-V3-%E2%9C%85AND-MUCH-MORE%E2%AD%90ONLY-44-99
    Screenshots: None
    Threat Actors: pollymydolly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  37. Combo List of 500,000 Yahoo and US ISP Email Credentials
    Category: Combo List
    Content: A threat actor has shared a combo list of 500,000 email:password pairs sourced from K2T stealer logs, primarily targeting Yahoo and US ISP email accounts (Comcast, AT&T, Cox, BellSouth, SBCGlobal). The credentials are marketed as fresh and valid for credential stuffing purposes.
    Date: 2026-05-18T22:59:33Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-500k-K2-YAHOO-USA-EMAIL-PASS-Fresh
    Screenshots: None
    Threat Actors: firstweekout
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  38. Sale of Hotmail combo list with 24,000 credentials
    Category: Combo List
    Content: A forum user is distributing a combo list of 24,000 Hotmail credentials, advertised as private. The content is gated behind registration or login on the forum.
    Date: 2026-05-18T22:59:25Z
    Network: openweb
    Published URL: https://patched.to/Thread-24k-hotmail-private-combolist
    Screenshots: None
    Threat Actors: bygbb
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  39. Sale of 78K mixed domain mail access combo list
    Category: Combo List
    Content: A forum user is sharing a combo list of approximately 78,000 mixed-domain mail access credentials. The content is hidden behind a registration or login wall. No specific victim organization or breach source is identified.
    Date: 2026-05-18T22:58:59Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-78K-Mixed-Domains-Mail-Access-List
    Screenshots: None
    Threat Actors: VVMM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  40. Sale of 200K Mixed Email:Password Combo List
    Category: Combo List
    Content: A threat actor is offering a 200,000-record mixed email:password combo list for free download (reply-gated) and for sale via Telegram. The list claims to include credentials across multiple email providers and regions including AOL, Yahoo, Hotmail, Outlook, and users from the US, UK, France, Germany, and other countries.
    Date: 2026-05-18T22:56:58Z
    Network: openweb
    Published URL: https://altenens.is/threads/200k-fresh-hq-combolist-email-pass-mixed.2942472/unread
    Screenshots: None
    Threat Actors: carlos080
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  41. Website Defacement of India Trip Travel by ALP (Alperen_216)
    Category: Defacement
    Content: On May 19, 2026, a threat actor identified as ALP, operating under the team name Alperen_216, defaced the website of India Trip Travel, a travel and tourism company based in India. The attack targeted a WordPress admin-related path on the site. The incident was a single-target defacement, with a mirror of the defaced page archived on zone-xsec.com.
    Date: 2026-05-18T22:56:45Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924748
    Screenshots: None
    Threat Actors: ALP, Alperen_216
    Victim Country: India
    Victim Industry: Travel and Tourism
    Victim Organization: India Trip Travel
    Victim Site: www.indiatriptravel.com
  42. Sale of 78K mixed domain combo list
    Category: Combo List
    Content: A threat actor shared a link to a combo list containing approximately 78,000 email and password pairs across mixed domains. The list is marketed as high quality and was made available via an external paste service.
    Date: 2026-05-18T22:53:39Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-78K-Mixed-Domains-HQ-List
    Screenshots: None
    Threat Actors: VegaM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  43. Sale of 200K email:password combo list targeting streaming and gaming services
    Category: Combo List
    Content: A threat actor is distributing and selling a 200K email:password combo list marketed as high quality and fresh, targeting services including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The post advertises multiple credential formats including EMAIL:PASS and USER:PASS across various regional mailsets. The actor promotes a Telegram channel and an external cracking site for purchasing.
    Date: 2026-05-18T22:53:18Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-200k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–204660
    Screenshots: None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  44. Alleged leak of 870K URL:LOG:PASS credential dataset
    Category: Combo List
    Content: A threat actor on DemonForums shared a dataset of 870,000 URL:LOG:PASS entries, described as newly leaked stealer log data. The content is gated behind registration and promoted via an external site, plutonium.live.
    Date: 2026-05-18T22:52:53Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-870K-URL-LOG-PASS-NEW-LEAKED-DATA
    Screenshots: None
    Threat Actors: Seaborg
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  45. Italy combo list with 16,000 credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 16,000 email and password pairs reportedly sourced from Italy. The list is described as private. No specific victim organization or breach source is identified.
    Date: 2026-05-18T22:34:50Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-16k-Italy-Private-Combolist
    Screenshots: None
    Threat Actors: BygBB
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  46. Combo List of Worldwide Hotmail Credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of Hotmail credentials marketed as fresh and high quality, dated May 2026. The content is shared via a hidden spoiler tag with a Telegram reference. No record count or additional details are provided in the post.
    Date: 2026-05-18T22:34:28Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%A8-FRESH-WORLDWIDE-HQ-HOTMAIL-LINES-19-05-26-01-%E2%9C%A8
    Screenshots: None
    Threat Actors: Lulpab
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  47. Free Hotmail combo list distribution
    Category: Combo List
    Content: A forum user shared what is claimed to be a fresh Hotmail email:password combo list. The post provides a download link and encourages likes and reputation in exchange. No record count or sample data is provided.
    Date: 2026-05-18T22:34:09Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-HOTMAILS-FRESH-BY-GLITCH-PART-1
    Screenshots:
    None
    Threat Actors: glitch_cd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  48. Sale of mixed IMAP combo list
    Category: Combo List
    Content: A threat actor is distributing a mixed IMAP combo list, marketed as fully valid, on a cybercrime forum. The post contains minimal detail beyond a download link.
    Date: 2026-05-18T22:30:19Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%85-MIX-IMAP-FULL-VALID-f1veu
    Screenshots:
    None
    Threat Actors: yonatanlevin
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  49. Sale of cPanel credentials combo list
    Category: Combo List
    Content: A forum user is sharing what is described as valid cPanel credentials. The post provides minimal detail beyond a download link. No specific victim organization or record count is mentioned.
    Date: 2026-05-18T22:29:59Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%85-cPanels-Full-Valid
    Screenshots:
    None
    Threat Actors: yonatanlevin
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  50. Combo List: 1.1K Hotmail Mail Access Credentials
    Category: Combo List
    Content: A threat actor is distributing approximately 1,100 Hotmail mail access credentials, described as old data previously shared in closed groups 4–7 days prior to public release. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-18T22:27:35Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%97%BC1-1k-hotmail-mail-access%F0%9F%97%BC%E2%9C%A8-18-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  51. Sale of 24K mix private combo list
    Category: Combo List
    Content: A threat actor is distributing a mixed private combo list containing approximately 24,000 credential pairs. The content is hidden behind a registration or login requirement on the forum. No specific victim organization or service is identified.
    Date: 2026-05-18T22:27:14Z
    Network: openweb
    Published URL: https://patched.to/Thread-24k-mix-private-combolist
    Screenshots:
    None
    Threat Actors: bygbb
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  52. Sale of Germany combo list with 26,000 credentials
    Category: Combo List
    Content: A forum user is sharing a private combo list purportedly containing 26,000 credentials associated with German users. The content is hidden behind a registration or login requirement. No specific victim organization or service is identified.
    Date: 2026-05-18T22:26:59Z
    Network: openweb
    Published URL: https://patched.to/Thread-26k-germany-private-combolist
    Screenshots:
    None
    Threat Actors: bygbb
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  53. Free combo list of 29,380 mixed premium credential hits
    Category: Combo List
    Content: A threat actor shared a combo list of 29,380 mixed premium credential hits on a public forum. The content is gated behind registration or login. No specific victim organization or service is identified.
    Date: 2026-05-18T22:26:30Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-29380x-premium-mixed-hits-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Lowza9
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  54. Sale of US combo list with 23,000 credentials
    Category: Combo List
    Content: A threat actor is offering a private US combo list containing approximately 23,000 credentials on a cybercrime forum. The content is hidden behind a registration or login wall. No specific victim organization or service is identified.
    Date: 2026-05-18T22:26:13Z
    Network: openweb
    Published URL: https://patched.to/Thread-23k-usa-private-combolist
    Screenshots:
    None
    Threat Actors: bygbb
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  55. Alleged data breach of Sinverse
    Category: Data Breach
    Content: A threat actor is allegedly selling a database from sinverse.com, a crypto platform, containing approximately 187,000 user records. No further details about the data fields or pricing are available from the post.
    Date: 2026-05-18T22:25:38Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Crypto-sinverse-com-187-000-usrs
    Screenshots:
    None
    Threat Actors: Masterbyte
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Sinverse
    Victim Site: sinverse.com
  56. Germany HQ Combo List
    Category: Combo List
    Content: A combo list marketed as high-quality German credentials was shared on a cracking forum by user ShroudX. No additional details regarding record count, targeted services, or data source were provided in the post.
    Date: 2026-05-18T22:24:57Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-GERMANY-HQ-COMBOLIST-SHROUD20-txt
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  57. Combo List: HQ URL Login-Pass Combolist
    Category: Combo List
    Content: A user on a cracking forum shared a URL login-password combo list. No additional details are available regarding the source, record count, or targeted services.
    Date: 2026-05-18T22:24:40Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-HQ-URL-LOGIN-PASS-COMBOLIST-SHROUD20-txt
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  58. Italy Email:Password Combo List
    Category: Combo List
    Content: A threat actor shared an alleged high-quality Italian email:password combo list on a cracking forum. No additional details regarding record count or source were provided in the post.
    Date: 2026-05-18T22:24:20Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-ITALY-EMAILPASS-HQ-COMBOLIST-SHROUD20-txt
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  59. Mexico HQ Combo List
    Category: Combo List
    Content: A combo list targeting Mexico is being shared on a cracking forum by user ShroudX. The post contains no additional details regarding record count or targeted services.
    Date: 2026-05-18T22:24:02Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-MEXICO-HQ-COMBOLIST-SHROUD20-txt
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  60. Sale of mixed mail access combo list
    Category: Combo List
    Content: A forum user shared a mixed mail access combo list on a cracking forum. The post contains no additional details about the source, record count, or specific mail services targeted.
    Date: 2026-05-18T22:23:44Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-MIXED-MAIL-ACCESS-HQ-COMBOLIST-SHROUD20-txt
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  61. Forum chatter regarding drug vendor packaging error
    Category: Chatter
    Content: A forum user on a darknet market discussion board describes receiving a package from a drug vendor with a sticky note on the outside labeling the contents. The post expresses concern about potential interception or exposure by postal services. No threat actor activity, breach, or cybersecurity incident is described.
    Date: 2026-05-18T22:23:36Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/8953e95cd385355cccb3
    Screenshots:
    None
    Threat Actors: 14tubsofgold 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  62. Sale of Hotmail account combo list (1,700 credentials)
    Category: Combo List
    Content: A forum user is sharing or selling approximately 1,700 Hotmail account credentials. The post appears to be a combo list thread sponsored by a proxy and SMS verification service. No specific breach victim or data source is identified.
    Date: 2026-05-18T22:23:23Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X1700-Hotmail-Accounts–2295152
    Screenshots:
    None
    Threat Actors: EarlHickey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  63. Sale of mixed mail combo list (X900 lines)
    Category: Combo List
    Content: A forum post advertises a mixed mail combo list containing approximately 900 lines. The post appears to be sponsored by a proxy and SMS verification service. No specific victim organization or breach source is identified.
    Date: 2026-05-18T22:23:03Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X900-Mixed-Mail-Lines–2295153
    Screenshots:
    None
    Threat Actors: EarlHickey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  64. Sale of 1,800 Hotmail account credentials
    Category: Combo List
    Content: A forum post advertises 1,800 Hotmail account credentials. The post appears to be sponsored by a proxy and SMS verification service. No additional details about the source or validity of the accounts are provided.
    Date: 2026-05-18T22:22:43Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X1800-Hotmail-Accounts–2295154
    Screenshots:
    None
    Threat Actors: EarlHickey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  65. Free Hotmail combo list with 263 hits shared on cybercrime forum
    Category: Combo List
    Content: A threat actor shared a free combo list of 263 Hotmail credentials marketed as high-quality hits. The post includes separate downloads for keyword targets and country-sorted results.
    Date: 2026-05-18T22:21:50Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1-263x-HQ-HOTMAIL-MIXED-HITS-%E2%9A%A1-INBOXES-TARGETS-SORTED-COUNTRIES
    Screenshots:
    None
    Threat Actors: He_Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  66. Sale of HQ Hotmail credential hits with inbox and country sort
    Category: Combo List
    Content: A threat actor is distributing 179 Hotmail credential hits described as high quality, with additional downloads for keyword-targeted inboxes and country-sorted results. The post is part of a combolist sharing thread on a cybercrime forum.
    Date: 2026-05-18T22:21:29Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84-179x-HQ-HOTMAIL-HITS-%E2%9D%84-INBOXES-TARGETS-SORTED-COUNTRIES
    Screenshots:
    None
    Threat Actors: He_Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  67. Combo list of Hotmail credentials shared by Kommander0
    Category: Combo List
    Content: A threat actor operating as Kommander0 has freely shared a combo list of approximately 5,550 Hotmail credentials via an external file-sharing link. The list is marketed as fully valid and dated May 19. This is a credential stuffing resource, not a breach of the Hotmail/Microsoft platform itself.
    Date: 2026-05-18T22:21:22Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75716/
    Screenshots:
    None
    Threat Actors: Kommander0
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  68. Sale of Hotmail combo list by threat actor s2lender
    Category: Combo List
    Content: Threat actor s2lender is offering a combo list of approximately 167 Hotmail credentials, marketed as high quality. The post advertises access to a private members-only network supplying 4K–12K fresh credentials daily. Content is gated behind a forum interaction requirement.
    Date: 2026-05-18T22:21:05Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75717/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  69. Alleged sale of stolen credit card data
    Category: Data Leak
    Content: A threat actor is offering fresh credit card data for sale. The post directs buyers to contact @c1ps0la via DM for purchase details.
    Date: 2026-05-18T22:18:24Z
    Network: telegram
    Published URL: https://t.me/c/2746641043/383
    Screenshots:
    None
    Threat Actors: c1ps0la
    Victim Country: Unknown
    Victim Industry: Financial
    Victim Organization: Unknown
    Victim Site: Unknown
  70. Sale of mixed email combo list (X3400)
    Category: Combo List
    Content: A forum post on NB Cracking advertises a mixed mail combo list of approximately 3,400 lines. The post appears to be sponsored by a proxy and SMS verification service. No specific victim organization or breach source is identified.
    Date: 2026-05-18T21:44:29Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X3400-Mixed-Mail-Lines–2295145
    Screenshots:
    None
    Threat Actors: EarlHickey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  71. Sale of 1,100 Hotmail account credentials
    Category: Combo List
    Content: A forum post advertises 1,100 Hotmail account credentials. The post appears to be sponsored by a proxy and SMS verification service. No breach source or additional details are provided.
    Date: 2026-05-18T21:44:04Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X1100-Hotmail-Accounts–2295146
    Screenshots:
    None
    Threat Actors: EarlHickey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  72. Combo List: 1,207 Hotmail Valid Credentials
    Category: Combo List
    Content: A threat actor shared a list of 1,207 claimed valid Hotmail credentials on a combolist forum. The post markets these as verified active accounts. The named service is a credential-stuffing target, not the breach source.
    Date: 2026-05-18T21:34:50Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%AB%861207-hotmail-valid-access-18-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  73. Combo List of Hotmail credentials shared on forum
    Category: Combo List
    Content: A threat actor known as TraxGod shared a combo list of 886 Hotmail mail access credentials on a public forum. The post indicates the data was previously distributed in closed groups 4–7 days prior to public release. Content is gated behind registration or login.
    Date: 2026-05-18T21:34:31Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%97%BCx886-hotmail-mail-access%F0%9F%97%BC%E2%9C%A8-18-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  74. Sale of New Zealand email:password combo list
    Category: Combo List
    Content: A threat actor on a darknet forum is distributing a combo list of approximately 24,000 email:password credential pairs purportedly associated with New Zealand users. The list is marketed as fresh and high quality, dated May 18, 2026. Content is gated behind replies or a paid account upgrade.
    Date: 2026-05-18T21:34:22Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Document-%E2%9C%AA-24-K-Combo-%E2%9C%AA-New-Zealand-%E2%9C%AA-18-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  75. Combo list targeting New Zealand accounts with 24K credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 24,000 email:password pairs allegedly associated with New Zealand accounts, marketed as fresh and high quality. The credentials were made available via a hidden link on the forum, with additional content promoted through a Telegram channel.
    Date: 2026-05-18T21:34:07Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-24-K-Combo-%E2%9C%AA-New-Zealand-%E2%9C%AA-18-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  76. Combo list targeting Norway distributed on dark web forum
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 24,000 email:password pairs, marketed as fresh and high quality, with credentials associated with Norway. The list is available to forum members who reply to the thread or upgrade their account.
    Date: 2026-05-18T21:33:55Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Document-%E2%9C%AA-24-K-Combo-%E2%9C%AA-Norway-%E2%9C%AA-18-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  77. Combo List targeting Norway (24K credentials)
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 24,000 email:password pairs associated with Norwegian accounts, marketed as fresh and high quality. The credentials are shared via hidden content on the forum and a linked Telegram channel.
    Date: 2026-05-18T21:33:42Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-24-K-Combo-%E2%9C%AA-Norway-%E2%9C%AA-18-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  78. Combo List targeting Nigeria (13K+ credentials)
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 13,000 email:password pairs purportedly associated with Nigerian accounts. The credentials are marketed as fresh and high quality. The post directs users to a Telegram channel for additional logs.
    Date: 2026-05-18T21:33:22Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-13-K-Combo-%E2%9C%AA-Nigeria-%E2%9C%AA-18-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  79. Sale of Hotmail credential combo list with 287 hits
    Category: Combo List
    Content: A threat actor is distributing a combo list marketed as 287 high-quality Hotmail credential hits. The post provides a download link and no additional context about the data's origin.
    Date: 2026-05-18T21:33:00Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84-287x-HQ-HOTMAIL-HITS-%E2%9D%84
    Screenshots:
    None
    Threat Actors: He_Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  80. Alleged data leak of Vivo Brazil customer database
    Category: Data Leak
    Content: A threat actor on Breached forums has freely leaked an alleged database of 557,892 Vivo Brazil customer accounts. The post includes a sample of the data. Vivo is a major Brazilian telecommunications provider.
    Date: 2026-05-18T21:30:49Z
    Network: openweb
    Published URL: https://breached.st/threads/leaked-557-892-database-vivo-brazil-costumer-accounts.87347/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Brazil
    Victim Industry: Telecommunications
    Victim Organization: Vivo
    Victim Site: vivo.com.br
  81. Alleged data breach of Vivo Brazil – 557,892 customer accounts leaked
    Category: Data Breach
    Content: A threat actor operating under the handle mr-hanz-xploit on Breachforums has posted a thread claiming to have leaked a database containing 557,892 customer accounts from Vivo Brazil. The breach details are being shared on the Breachforums platform.
    Date: 2026-05-18T21:26:32Z
    Network: telegram
    Published URL: https://t.me/DeepCoreNetwork/194
    Screenshots:
    None
    Threat Actors: mr-hanz-xploit
    Victim Country: Brazil
    Victim Industry: Telecommunications
    Victim Organization: Vivo Brazil
    Victim Site: vivo.com.br
  82. Combo List targeting educational sector
    Category: Combo List
    Content: A threat actor shared a combolist of 121,647 email and password pairs reportedly targeting the educational sector. The post was made on a public cracking forum with no additional context provided.
    Date: 2026-05-18T21:25:27Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-121-647-Combolist-edu-target
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  83. Free release of 10K UHQ email:password combo list
    Category: Combo List
    Content: A threat actor has freely distributed a combo list of 10,000 email:password credential pairs marketed as UHQ (ultra-high quality). The post is dated 18 May and shared on a public cracking forum. No specific breach source or victim organization is identified.
    Date: 2026-05-18T21:25:10Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1-%E2%AD%9010k-UHQ-COMBO-18-MAY-EMAIL-PASS%E2%9A%A1-%E2%AD%90
    Screenshots:
    None
    Threat Actors: Antaksio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  84. Sale of European mixed combo list with 8,053 credentials
    Category: Combo List
    Content: A combo list containing approximately 8,053 semi-valid email and password pairs targeting European accounts has been shared on a cracking forum. The list is described as a mixed combo with two-factor authentication (2FA) entries included.
    Date: 2026-05-18T21:24:51Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-8-053-Semi-Valide-FA-Europa-Mixed-Combolist
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  85. Sale of stolen fullz, identity documents, dumps with PIN, and fraud tools by threat actor silasclark
    Category: Carding
    Content: A threat actor operating as silasclark is selling a broad range of fraud-enabling materials including fullz (SSN, DOB, DL), identity documents with selfies and videos, dumps with PIN (Track 101/202), kids fullz, Medicare leads, and KYC bypass documents spanning multiple countries. The seller also offers carding tutorials, scam pages, RATs, shells, and access to a private cloud subscription containing over 100GB of premium databases from 65 countries, priced at $350–$1,200 depending on subscrip
    Date: 2026-05-18T21:24:42Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75714/
    Screenshots:
    None
    Threat Actors: silasclark
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  86. Sale of Twitter account checker tool with credential stuffing capability
    Category: Combo List
    Content: A threat actor is advertising a Twitter/X credential-checking tool capable of processing 100 million+ combo lines with ultra-high check rates and cookie/auth token capture. The post includes sample output showing successful credential validation with auth tokens and CT0 cookies for compromised accounts. The tool accepts mail:pass or user:pass combo lists and is marketed via Telegram.
    Date: 2026-05-18T21:24:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-Twitter-Checker–2095968
    Screenshots:
    None
    Threat Actors: shokoloko
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  87. Free Pakistan combo list of 36K credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 36,000 email:password pairs attributed to Pakistani accounts. The credentials are marketed as fresh and high quality. The list is available to registered forum members.
    Date: 2026-05-18T21:20:19Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-36-K-Combo-%E2%9C%AA-Pakistan-%E2%9C%AA-18-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Pakistan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  88. Combo list targeting Peru distributed on hacking forum
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 83,000 email:password pairs associated with Peruvian accounts. The credentials are marketed as fresh and high quality. The list was made available on a known hacking forum.
    Date: 2026-05-18T21:19:26Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%AA-83-K-Combo-%E2%9C%AA-Peru-%E2%9C%AA-18-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  89. Combo list targeting Philippines-based credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 71,000 email:password pairs attributed to Philippines-based accounts. The credentials are marketed as fresh and high quality, suggesting recent harvesting or testing.
    Date: 2026-05-18T21:19:08Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%AA-71-K-Combo-%E2%9C%AA-Philippines-%E2%9C%AA-18-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  90. Forum update announcement on BreachForums
    Category: Alert
    Content: BreachForums administrator Hollow announced a series of platform updates including stability fixes to the credits system, addition of a refund request feature, sidebar redesigns, performance improvements, and removal of the automatic escrow system in favor of manual escrow handled by designated staff members.
    Date: 2026-05-18T21:17:23Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-IMPORTANT-READ-Forum-updates
    Screenshots:
    None
    Threat Actors: Hollow
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: breachforums.rs
  91. Combo list targeting Netherlands users distributed on leak forum
    Category: Combo List
    Content: A combo list of approximately 183,000 email:password pairs associated with Netherlands users was shared on a leak forum. The credentials are marketed as fresh and high quality. The post requires registration or login to access the hidden content.
    Date: 2026-05-18T21:16:50Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%AA-183-K-Combo-%E2%9C%AA-Netherlands-%E2%9C%AA-18-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: Elite123
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  92. Sale of cracked IPVanish accounts with active subscriptions
    Category: Combo List
    Content: A threat actor is distributing three cracked IPVanish accounts advertised as fresh and private with active subscriptions. The post promotes a combo cloud service offering credential stuffing results via Telegram.
    Date: 2026-05-18T21:12:05Z
    Network: openweb
    Published URL: https://breached.st/threads/x3-ipvranish-fresh-private-with-sub-and-capture.87344/unread
    Screenshots:
    None
    Threat Actors: MetaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  93. Alleged data leak of 500,000 PlayStation-related logs
    Category: Logs
    Content: A threat actor has freely shared what they claim are 500,000 stealer logs associated with PlayStation accounts. The post includes a sample and code section, suggesting the logs contain credential or session data. The source organization of the breach is unconfirmed.
    Date: 2026-05-18T21:10:40Z
    Network: openweb
    Published URL: https://breached.st/threads/leaked-500-000-logs-playstation.87345/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: Unknown
  94. Alleged leak of classified Brazilian military documents by #OpBrazil
    Category: Data Leak
    Content: A threat actor operating under the #OpBrazil campaign and the 1877 Team claims to have leaked 46 classified Level 5 (Ultra Secreto) documents allegedly exfiltrated from Brazil's Strategic Weapons Research Division. The files purportedly contain unredacted technical data related to military operations including quantum radar, cyber warfare protocols, electromagnetic railguns, and nuclear capabilities. The documents have been made freely available on the forum.
    Date: 2026-05-18T21:10:09Z
    Network: openweb
    Published URL: https://breached.st/threads/br-secret-document.87346/unread
    Screenshots:
    None
    Threat Actors: org1877
    Victim Country: Brazil
    Victim Industry: Government
    Victim Organization: Brazilian Military / Strategic Weapons Research Division
    Victim Site: Unknown
  95. Alleged leak of 500,000 PlayStation logs
    Category: Logs
    Content: A user named mr-hanz-xploit on Breachforums has shared a thread claiming to contain 500,000 leaked logs related to PlayStation. The logs appear to be infostealer data made available on the underground forum.
    Date: 2026-05-18T21:07:33Z
    Network: telegram
    Published URL: https://t.me/DeepCoreNetwork/193
    Screenshots:
    None
    Threat Actors: mr-hanz-xploit
    Victim Country: Unknown
    Victim Industry: Gaming/Entertainment
    Victim Organization: PlayStation
    Victim Site: playstation.com
  96. Alleged sale of mail access and combo lists by DataxLogs
    Category: Initial Access
    Content: Threat actor DataxLogs is offering mail access, combo lists, configs, scripts, tools, and hits across multiple countries including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. Custom requests are available.
    Date: 2026-05-18T21:03:00Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84462
    Screenshots:
    None
    Threat Actors: DataxLogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  97. Free combo list sample: 10K HQ mix mail credentials
    Category: Combo List
    Content: A threat actor shared a free sample of 10,000 mixed email credentials marketed as high quality. The post advertises an all-in-one Telegram channel offering mix mail logs, ULP combos, and checkers. No specific victim organization is identified.
    Date: 2026-05-18T21:02:28Z
    Network: openweb
    Published URL: https://cracked.st/Thread-10k-Private-Hq-Mix-Mails-3-Sample
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  98. Free combo list sample with 10K mixed email credentials
    Category: Combo List
    Content: A threat actor shared a free sample of 10,000 mixed email credentials on a cracking forum. The post promotes a Telegram channel offering combo lists, logs, and checkers. No specific victim organization or breach source is identified.
    Date: 2026-05-18T21:02:11Z
    Network: openweb
    Published URL: https://cracked.st/Thread-10k-Private-Hq-Mix-Mails-4-Sample
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  99. Free combo list sample: Hotmail hits and Fortnite accounts
    Category: Combo List
    Content: A threat actor shared a free sample of credential hits targeting Hotmail and Fortnite accounts, marketed as inboxer-verified. The post directs users to a Telegram channel offering mixed mail lists, logs, ULP combos, and checkers.
    Date: 2026-05-18T21:01:55Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Inboxer-Hotmail-Hits-Fortnite-Accounts
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  100. Free combo list sample of 10K mixed email credentials
    Category: Combo List
    Content: A threat actor shared a free sample of 10,000 mixed email credentials on a cracking forum, marketed as high-quality (HQ). The post promotes a Telegram channel offering combo lists, logs, ULP, and checkers.
    Date: 2026-05-18T21:01:38Z
    Network: openweb
    Published URL: https://cracked.st/Thread-10k-Private-Hq-Mix-Mails-2-Sample
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  101. Sale of German combo list with mixed credentials sample
    Category: Combo List
    Content: A threat actor shared a free sample of a German high-quality combo list described as containing mixed mail, logs, and ULP credentials. The post promotes a Telegram channel advertising additional combo lists and checkers. No specific victim organization or record count was disclosed.
    Date: 2026-05-18T21:01:19Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Private-Hq-Germany-1-Sample
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  102. Sale of discounted ChatGPT Plus and Cursor Pro account upgrades
    Category: Services
    Content: A forum seller is offering discounted ChatGPT Plus and Cursor Pro subscription upgrades at significantly below retail pricing, accepting PayPal and cryptocurrency. The seller advertises instant delivery via an autobuy storefront and a Discord server.
    Date: 2026-05-18T21:00:50Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Shoppy-%E2%AD%90%E2%9A%A1-1-MARKET-23-CHATGPT-1-YEAR-UPGRADE-%E2%9A%A1-AND-MUCH-MORE-CHEAPEAST-UPGRADES-%E2%9A%A1-%E2%AD%90
    Screenshots:
    None
    Threat Actors: Antaksio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  103. Developer services offering on cracking forum
    Category: Services
    Content: A forum user is advertising full-stack and backend development services including websites, APIs, dashboards, automation tools, and Discord bots. Services are offered for hire via Telegram contact.
    Date: 2026-05-18T21:00:23Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-Full-Stack-Backend-Developer-Services
    Screenshots:
    None
    Threat Actors: XMRjr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  104. Sale of credential checker coding service
    Category: Services
    Content: A threat actor operating under the alias XMRjr is advertising a custom credential checker coding service on a cracking forum. The service offers Python-based checker tools with proxy support and multi-threading capabilities. Interested parties are directed to contact the seller via Telegram.
    Date: 2026-05-18T21:00:07Z
    Network: openweb
    Published URL: https://cracked.st/Thread-XMR-Junior-Coding-Checkers-Service-Best-Coding-Service–2095955
    Screenshots:
    None
    Threat Actors: XMRjr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  105. Free combo list of 10,000 mixed email credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 10,000 mixed email credentials, marketed as private and high quality. The content is gated behind a reply requirement. The post directs users to the author's profile for additional combo lists.
    Date: 2026-05-18T20:53:34Z
    Network: openweb
    Published URL: https://altenens.is/threads/10k-private-hq-mix-mails-1-sample.2942442/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  106. Combo List Sample: Private HQ Germany 2
    Category: Combo List
    Content: A threat actor is sharing a sample of a private high-quality combo list purportedly containing German credentials. Access to the hidden content requires a reply, like, and profile visit. No further details about record count or targeted services are provided.
    Date: 2026-05-18T20:53:08Z
    Network: openweb
    Published URL: https://altenens.is/threads/private-hq-germany-2-sample.2942443/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  107. Sale of USA credential combo list with mail access
    Category: Combo List
    Content: A threat actor is advertising USA-based credential hits with mail access, marketed as fresh 2026 data. The post promotes a Telegram-based combo cloud service claiming to offer high-quality credentials via private lines. No specific victim organization or record count is disclosed.
    Date: 2026-05-18T20:48:31Z
    Network: openweb
    Published URL: https://breached.st/threads/x33-usa-hits-mail-access-fresh-2026.87341/unread
    Screenshots:
    None
    Threat Actors: MetaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  108. Sale of HQ mixed mail access combo list
    Category: Combo List
    Content: A forum user is distributing a combo list of approximately 600 mixed mail access credentials. The content is hidden behind a registration or login wall, limiting visibility into the specific services targeted.
    Date: 2026-05-18T20:43:32Z
    Network: openweb
    Published URL: https://patched.to/Thread-0-6k-hq-mixed-mail-access-combolist-303758
    Screenshots:
    None
    Threat Actors: liamgoat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  109. Sale of EU email:password combo list (20,000+ records)
    Category: Combo List
    Content: A threat actor is offering a combo list of over 20,000 EU email:password pairs, marketed as ultra high quality. The credentials are attributed to the actor's own channel.
    Date: 2026-05-18T20:42:30Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-20-000-EU-MAIL-PASSWORD-DATA-ULTRA-HIGH-QUALITY
    Screenshots:
    None
    Threat Actors: ImLupin
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  110. Sale of EU email:password combo list with 20,000 credentials
    Category: Combo List
    Content: A forum user is distributing a combo list of over 20,000 EU email:password pairs, marketed as ultra high quality. The content is gated behind a reply requirement.
    Date: 2026-05-18T20:42:22Z
    Network: openweb
    Published URL: https://altenens.is/threads/20-000-eu-mail-password-data-ultra-high-quality.2942433/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  111. Combo List: Mixed email access credentials
    Category: Combo List
    Content: A combo list containing 4,319 mixed email access credentials was shared on a cracking forum. The post is categorized as a mail access vault, suggesting email:password pairs targeting various mail providers. No specific victim organization or breach source is identified.
    Date: 2026-05-18T20:42:10Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-4319x-Mix-Mail-Access-Vault
    Screenshots:
    None
    Threat Actors: RyuuMaster
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  112. Combo List of 30,000+ USA and Europe Mail:Password Credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of over 30,000 email:password pairs sourced from USA and Europe, marketed as ultra high quality. Access to the hidden content requires a reply to the thread. No specific breached organization is identified.
    Date: 2026-05-18T20:41:55Z
    Network: openweb
    Published URL: https://altenens.is/threads/30-000-usa-europe-mail-password-data-ultra-high-quality.2942434/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  113. Germany-targeted shopping combo list of 1.17 million credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 1.17 million email:password lines marketed as high-quality credentials targeting German shopping services. The list is being distributed on a public cracking forum.
    Date: 2026-05-18T20:41:50Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-175-906-Lines-%E2%9C%85-Shopping-Target-HQ-Germany-De-Combolist
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  114. Combo List of 30,000 USA and Europe email:password credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 30,000 email:password pairs sourced from USA and European users, marketed as ultra high quality. The credentials are attributed to the actor's Telegram channel @LupinIsHere.
    Date: 2026-05-18T20:41:32Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-30-000-USA-EUROPE-MAIL-PASSWORD-DATA-ULTRA-HIGH-QUALITY
    Screenshots:
    None
    Threat Actors: ImLupin
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  115. Combo List: Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 1,907 Hotmail credentials on a cracking forum. The post is titled Hotmail Access Vault and is categorized under combolists. No additional details are available from the post content.
    Date: 2026-05-18T20:41:13Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1907x-Hotmail-Access-Vault
    Screenshots:
    None
    Threat Actors: RyuuMaster
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  116. Sale of UHQ mix mail access combo list
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 2,000 mail access credentials described as UHQ (ultra-high quality) mix via an external paste link. The post was made on a known cracking forum and contains no additional context about the source of the credentials.
    Date: 2026-05-18T20:40:53Z
    Network: openweb
    Published URL: https://cracked.st/Thread-2K-UHQ-MIX-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: lundman01
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  117. Combo List of Italian email credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of over 10,000 Italian email:password pairs, marketed as ultra high quality. The post attributes the data to the Telegram channel @LupinIsHere.
    Date: 2026-05-18T20:40:32Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-10-000-ITALY-MAIL-PASSWORD-DATA-ULTRA-HIGH-QUALITY
    Screenshots:
    None
    Threat Actors: ImLupin
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  118. Sale of European mix combo list with 13,925 credentials
    Category: Combo List
    Content: A combo list containing approximately 13,925 semi-validated email:password credential pairs targeting European accounts has been shared on a cracking forum. The post is categorized as a mixed European combo list, likely intended for credential stuffing. No specific victim organization or service is identified.
    Date: 2026-05-18T20:40:14Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-13-925-Semi-Valide-FA-Europa-Mix-Combo
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  119. Sale of SendGrid SMTP credentials and API keys with high sending limits
    Category: Services
    Content: A threat actor is offering SendGrid SMTP credentials and paid API keys with a 50,000 email sending limit, advertised as fresh daily stock with zero spam rate and inbox delivery. The seller promotes daily updates via a dedicated Telegram channel, suggesting an ongoing operation supplying compromised or fraudulently obtained SendGrid accounts.
    Date: 2026-05-18T20:40:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75712/
    Screenshots:
    None
    Threat Actors: office_365shop
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  120. SMS Verification and OTP Service Offering on Cracked Forum
    Category: Services
    Content: A threat actor operating rapidsms.eu is advertising disposable US phone numbers for SMS verification and OTP bypass across 600+ services including Telegram, Google, Discord, and fintech platforms. The service offers no-KYC access, long-term rentals, and accepts cryptocurrency payments. Pricing starts at $0.25–$0.70 per verification.
    Date: 2026-05-18T20:39:30Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Rapidsms-eu-%E2%9A%A1%EF%B8%8F-Instant-OTPs-%E2%9A%A1%EF%B8%8F-Long-term-rentals-%E2%9A%A1%EF%B8%8F-SMS-verifications-%E2%9A%A1%EF%B8%8F-Non-VoIP
    Screenshots:
    None
    Threat Actors: rapidsms
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  121. Alleged data breach of Neiman Marcus with 182M customer profiles and 3M plaintext credit card numbers
    Category: Data Breach
    Content: ShinyHunters claims to have compromised the Neiman Marcus customer database containing 182 million customer profiles with PII (name, address, phone, DOB, email, SSN last 4), 3 million plaintext credit card numbers, 70 million transactions with full customer details, 50 million customer emails and IP addresses, 12 million gift card numbers, and 6 billion rows of customer shopping records and employee data. The threat actor is selling the data for $10,000 USD, claiming the company declined their offer to pay for data security.
    Date: 2026-05-18T20:35:50Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8205
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Retail
    Victim Organization: Neiman Marcus
    Victim Site: neimanmarcus.com
  122. Sale of combo lists by MetaCloud provider
    Category: Combo List
    Content: A threat actor operating as MetaCloud is advertising a combo list service on a cybercrime forum, claiming to offer private, daily-updated credentials at low prices. The post directs buyers to a Telegram channel for purchases. No specific victim organization or record count is disclosed.
    Date: 2026-05-18T20:34:23Z
    Network: openweb
    Published URL: https://breached.st/threads/1starmetacloud-combo-providerstar100-private-daily-updates-startop-quality-cheap-pricesstar.87336/unread
    Screenshots:
    None
    Threat Actors: MetaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  123. Sale of session cookies for Netflix, Grok, Amazon and other services
    Category: Logs
    Content: A threat actor shared a link to an external file hosting service containing session cookies for multiple platforms including Netflix, Grok, and Amazon. No further details regarding record count or origin were provided in the post.
    Date: 2026-05-18T20:32:55Z
    Network: openweb
    Published URL: https://breached.st/threads/cookies-netflix-grok-amazon-more.87337/unread
    Screenshots:
    None
    Threat Actors: bluestarcrack
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  124. Sale of 50 cracked Subway account hits with gift card balance and payment card data
    Category: Carding
    Content: A threat actor is sharing 50 cracked Subway account hits reportedly containing gift card balances and associated payment card data, marketed as fresh and valid. The post also promotes a combo cloud service via Telegram. The accounts appear to be the result of credential stuffing rather than a direct breach of Subway.
    Date: 2026-05-18T20:32:24Z
    Network: openweb
    Published URL: https://breached.st/threads/high-voltage-x50-older-subway-hits-gc-balance-cc-fresh-valid-hits-high-voltage.87339/unread
    Screenshots:
    None
    Threat Actors: MetaCloud
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: Unknown
    Victim Site: Unknown
  125. Sale of Xbox account combo list with gift card balance and payment card hits
    Category: Combo List
    Content: A threat actor operating under the alias MetaCloud is sharing or selling combo list hits targeting Xbox accounts, advertised as containing gift card balances and associated payment card data. The post markets a combo cloud service via Telegram, claiming high-quality data and private lines. Credentials are described as fresh and valid.
    Date: 2026-05-18T20:31:53Z
    Network: openweb
    Published URL: https://breached.st/threads/high-voltage-x27-xbox-hits-gc-balance-cc-fresh-valid-hits-high-voltage.87340/unread
    Screenshots:
    None
    Threat Actors: MetaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  126. Alleged data breach of NVIDIA GeForce Now by ShinyHunters – 1.3M user records for sale
    Category: Data Breach
    Content: ShinyHunters claims to have compromised NVIDIA's GeForce Now backend and extracted approximately 1.3 million user records. The stolen data includes first names, last names, email addresses, usernames, dates of birth, membership status, TOTP/2FA status, internal roles, access flags, and account creation dates. The threat actor is offering the database for sale at $5,000 USD and directing potential buyers to their Telegram channel and communication channels.
    Date: 2026-05-18T20:29:04Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8203
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Technology/Gaming
    Victim Organization: NVIDIA
    Victim Site: nvidia.com
  127. Sale of Hotmail combo list with 2,307 credentials
    Category: Combo List
    Content: A forum user is distributing a combo list of 2,307 Hotmail credentials, marketed as a Verity Vault Hotmail Drop. The content is hidden behind a registration or login wall, limiting visibility into the data's origin or quality.
    Date: 2026-05-18T20:23:40Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-2307x-Verity-Vault-Hotmail-Drop-%E2%9A%A1%EF%B8%8F
    Screenshots:
    None
    Threat Actors: Verityyyy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  128. Sale of alleged Top Secret US government documents including DOD, CIA, DHS, DIA, and CENTCOM materials
    Category: Data Breach
    Content: A threat actor operating under the handle mosad is offering for sale alleged Top Secret US government documents purportedly sourced from DOD, CIA, DHS, DIA, AFRICOM, CENTCOM, and other military and intelligence agencies. Listed examples include FY-27 posture statements for AFRICOM, CENTCOM, Navy, and Marine Corps, as well as GAO reports and Air Force testimony documents. The seller accepts escrow and claims inventory is not limited to US government materials.
    Date: 2026-05-18T20:21:17Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-USA-TOP-SECRET-DOD-CIA-DHS-COURT-DIA-Documents-For-Sale
    Screenshots:
    None
    Threat Actors: mosad
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: US Department of Defense, CIA, DHS, DIA
    Victim Site: Unknown
  129. Combo List targeting Hotmail accounts
    Category: Combo List
    Content: A threat actor known as VerityVault is distributing a combo list of 2,307 Hotmail credentials on a clearnet forum. The content is gated behind registration or login. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-18T20:20:28Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%EF%B8%8F-2307x-verity-vault-hotmail-drop-%E2%9A%A1%EF%B8%8F
    Screenshots:
    None
    Threat Actors: VerityVault
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  130. Combo List: Verity Vault Mix Mail Drop
    Category: Combo List
    Content: A combo list containing 9,082 mixed email credentials has been shared on a forum under the label Verity Vault Mix Mail Drop. The content is hidden behind a registration/login wall. No specific victim organization or breach source is identified.
    Date: 2026-05-18T20:19:57Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%EF%B8%8F-9082x-verity-vault-mix-mail-drop-%E2%9A%A1%EF%B8%8F
    Screenshots:
    None
    Threat Actors: VerityVault
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  131. Alleged Salesforce API access token and database breach at IKEA
    Category: Data Breach
    Content: The ShinyHunters threat actor claims to have compromised Salesforce API access tokens and a 3TB database from IKEA.com. The data is being offered for sale at $10,000 USD. Contact information provided includes XMPP, Telegram, and email addresses.
    Date: 2026-05-18T20:18:23Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8165
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Sweden
    Victim Industry: Retail
    Victim Organization: IKEA
    Victim Site: ikea.com
  132. Alleged data breach of Cushman & Wakefield by ShinyHunters – 500k+ Salesforce records
    Category: Data Breach
    Content: ShinyHunters claims to have compromised over 500,000 Salesforce records from Cushman & Wakefield Inc. containing PII and internal corporate data totaling 50GB+ (compressed). The threat actor states the company failed to reach a ransom agreement and has published a download link to the stolen data with a ransom-themed filename.
    Date: 2026-05-18T20:18:12Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8178
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Real Estate / Commercial Services
    Victim Organization: Cushman & Wakefield Inc.
    Victim Site: cushmanwakefield.com
  133. Alleged data breach of 23 million Chinese bank customers across multiple banks
    Category: Data Breach
    Content: A threat actor claiming to represent ShinyHunters has leaked a database containing personal information of approximately 23 million customers from 16 major Chinese banks. The dataset includes full names, phone numbers, bank account numbers, bank names, ID card numbers, provinces, cities, gender, age, and dates of birth. Affected banks include ICBC (7.5M records), Bank of China (2M records), Construction Bank (1.3M records), CITIC Bank (1.2M records), and others. The data is being distributed via Telegram contact @shinycorpsh.
    Date: 2026-05-18T20:17:45Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8135
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: China
    Victim Industry: Financial Services/Banking
    Victim Organization: Multiple Chinese Banks
    Victim Site: Unknown
  134. Alleged data breach of Du Xiaoman Pay (DXMPay) – 500k+ Chinese users
    Category: Data Breach
    Content: A threat actor claims to have breached Du Xiaoman Pay (formerly Baidu Wallet), a major Chinese digital payment and financial management platform. The alleged compromise includes 500k+ user records containing full names, mobile numbers, email addresses, ID card information, transaction history, payment amounts, login credentials, session tokens, merchant data, API keys, and internal system access. The seller is requesting $50,000 USD for the dataset. Contact information and Telegram channels are provided for negotiation.
    Date: 2026-05-18T20:17:35Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8061
    Screenshots:
    None
    Threat Actors: shinycorpsh
    Victim Country: China
    Victim Industry: Financial Services / Payment Gateway
    Victim Organization: Du Xiaoman Pay (Du Xiaoman Financial)
    Victim Site: dxmpay.com
  135. Alleged sale of Ticketmaster database breach containing 980 million sales orders and 1.2 billion records
    Category: Data Breach
    Content: The ShinyHunters threat actor group is offering access to an alleged Ticketmaster database breach containing 980 million sales orders, 680 million order details, 1.2 billion party lookup records, 440 million unique email addresses, 560 million AVS records, and 400 million encrypted credit card details with partial information. Asking price: $10,000 USD for lifetime server access.
    Date: 2026-05-18T20:17:22Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8128
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Entertainment/Ticketing
    Victim Organization: Ticketmaster
    Victim Site: ticketmaster.com
  136. Alleged leak of Claude API keys with 2 million tokens
    Category: Data Leak
    Content: A forum user is freely distributing alleged API keys for Anthropic's Claude models, including Claude Opus 4.7, claiming a total of 2 million tokens worth of access. The post offers the leaked credentials at no cost on a cracking forum.
    Date: 2026-05-18T20:17:06Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-%E2%9A%A1-2M-TOKENS-CLAUDE-OPUS-4-7-AND-MORE-API-KEY-LEAK-%E2%9A%A1
    Screenshots:
    None
    Threat Actors: JVZU
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Anthropic
    Victim Site: anthropic.com
  137. Sale of Twitter/X account with 1 million followers (adult niche)
    Category: Services
    Content: A threat actor is offering for sale a Twitter/X account with approximately 1 million followers in the adult niche. The seller claims all account details can be changed and accepts middleman arrangements. No further details about the account's origin are provided.
    Date: 2026-05-18T20:13:02Z
    Network: openweb
    Published URL: https://cracked.st/Thread-selling-1M-followers-Twitter-X-account-can-change-all-details-niche-adult–2095698
    Screenshots:
    None
    Threat Actors: Audacity
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  138. Free distribution of 800K URL:log:pass combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely shared a file via Mega.nz containing approximately 800,000 URL:log:pass entries dated May 19. The post is titled as a million URL log pass list, suggesting stealer log output with associated credentials and URLs.
    Date: 2026-05-18T20:11:15Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75709/
    Screenshots:
    None
    Threat Actors: WashingtonDC
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  139. Alleged combo list of 67.3K Gmail credentials
    Category: Combo List
    Content: A forum post on Cracked.st advertises a combo list of approximately 67,300 Gmail email and password pairs. No additional details are available as the post content is empty.
    Date: 2026-05-18T20:05:28Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-67-3k-Gmail
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  140. Sale of discounted Microsoft Azure certification exam vouchers
    Category: Services
    Content: A forum user is selling Microsoft Azure certification exam vouchers at $54.99 each, below the official retail price of $99–$165+. The offering covers a wide range of Azure certifications including fundamentals, associate, specialty, and expert levels. The legitimacy of these vouchers is unverified and they may be fraudulently obtained or resold in violation of Microsoft's terms.
    Date: 2026-05-18T20:02:26Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-54-99%E2%9A%A1-Microsoft-Azure-Certification-Exam-Vouchers-%E2%80%93-Any-Certification-%E2%9C%85
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  141. Free distribution of stealer logs via cloud file sharing
    Category: Combo List
    Content: A threat actor operating under the name DAISYCLOUD has freely distributed a set of 16,181 stealer logs via public file-sharing links. The logs are marketed as fresh and dated 18 May. No specific victim organization or country is identified.
    Date: 2026-05-18T19:59:27Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75708/
    Screenshots:
    None
    Threat Actors: NEW_DAISYCLOUD
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  142. Alleged hacking services offering unauthorized access to Telegram, mobile devices, iCloud, email, and social media accounts
    Category: Cyber Attack
    Content: User advertising hacking services including Telegram account compromise, mobile phone hacking, website hacking, iCloud account access, email hacking, IP camera compromise, Snapchat hacking, and stolen funds recovery. Contact provided via Telegram handle @sureciphern.
    Date: 2026-05-18T19:53:50Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84426
    Screenshots:
    None
    Threat Actors: CIPHERN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  143. Alleged data breach of Santander Bank – Spain, Chile, Uruguay – 30M+ customer records, credit cards, account data
    Category: Data Breach
    Content: ShinyHunters threat actor claims to have breached Santander Bank and obtained data from customers across Spain, Chile, and Uruguay. The alleged dataset contains 30 million customer records, 6 million account numbers with balances, 28 million credit card numbers, HR employee lists, and consumer citizenship information. The threat actor is offering the data for sale at $100,000 USD as a one-time sale.
    Date: 2026-05-18T19:51:08Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8062
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Spain, Chile, Uruguay
    Victim Industry: Financial Services/Banking
    Victim Organization: Santander Bank
    Victim Site: santander.com
  144. Alleged Salesforce data breach affecting 989+ million records from 36 organizations
    Category: Data Breach
    Content: ShinyHunters claims to have compromised Salesforce and obtained data from 36 major organizations including Toyota, FedEx, Disney/Hulu, UPS, Home Depot, Marriott, Walgreens, Adidas, Qantas Airways, Cisco, and others. Total claimed records: 989.45 million to 1+ billion. Data is being offered for sale with individual organization data ranging from 155MB (Fujifilm) to 172.96GB (Republic Services). ShinyHunters explicitly identifies themselves as the threat actor and provides contact information for negotiations.
    Date: 2026-05-18T19:50:58Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8042
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Cloud Computing/CRM
    Victim Organization: Salesforce, Inc.
    Victim Site: salesforce.com
  145. Alleged data breach of Live Nation/Ticketmaster – 560 million customer records
    Category: Data Breach
    Content: ShinyHunters threat actor group claims to have compromised Live Nation/Ticketmaster systems, exfiltrating approximately 560 million customer records totaling 1.3TB of data. Stolen data includes full customer details (names, addresses, emails, phone numbers), ticket sales information, event details, order information, credit card details (last 4 digits and expiration dates), and customer fraud details. The group is offering the data for sale at $10,000 USD and providing contact information via XMPP, Telegram, and email.
    Date: 2026-05-18T19:50:43Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8053
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Unknown
    Victim Industry: Entertainment/Ticketing
    Victim Organization: Live Nation Entertainment / Ticketmaster
    Victim Site: ticketmaster.com
  146. Alleged leak of Claude API keys with 2 million tokens
    Category: Data Leak
    Content: A threat actor claims to be leaking Claude API keys allegedly providing access to 2 million tokens across Claude Opus and other models. The credentials are shared as hidden content requiring forum registration. The post does not clarify the source of the leaked keys.
    Date: 2026-05-18T19:50:37Z
    Network: openweb
    Published URL: https://patched.to/Thread-nova-%E2%9A%A1-2-million-tokens-claude-opus-4-7-and-more-api-key-leak-%E2%9A%A1
    Screenshots:
    None
    Threat Actors: JVZU
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Anthropic
    Victim Site: anthropic.com
  147. Alleged sale of verified access to Vercel Inc. infrastructure with supply chain attack capability
    Category: Initial Access
    Content: ShinyHunters threat actor claiming to have compromised Vercel Inc. (vercel.com) and offering for sale verified access keys, source code, database access, and multiple employee accounts with internal deployment access. Includes NPM tokens and GitHub tokens. Threat actor explicitly states this could enable a supply chain attack affecting all developers using Next.js (6 million weekly downloads). Price: $10,000 USD. Seller references April 19, 2026 breach stemming from third-party compromise (Context.ai) and OAuth token misuse. Claims involvement of Mandiant and law enforcement investigation.
    Date: 2026-05-18T19:50:25Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8030
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Cloud Computing / Web Development Platform
    Victim Organization: Vercel Inc.
    Victim Site: vercel.com
  148. Alleged sale of critical API access from major financial transactions company by ShinyHunters
    Category: Initial Access
    Content: ShinyHunters threat actor is selling critical API access from a major financial transactions company. The access enables transactions across 20+ countries including Brazil, Colombia, Argentina, Ecuador, Peru, Chile, Venezuela, United States, Indonesia, Bangladesh, Philippines, India, Thailand, Kenya, Nigeria, Tanzania, Malaysia, United Arab Emirates, Pakistan, Turkey, and Vietnam. The actor claims the company has over 95,000 employees worldwide and describes this as a gold mine for high-impact supply chain attack. Price listed at $10,000 USD.
    Date: 2026-05-18T19:50:17Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8027
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Multiple countries
    Victim Industry: Financial Services
    Victim Organization: Unknown financial transactions company
    Victim Site: Unknown
  149. 67.3K Gmail Combo List by D4rkNetHub
    Category: Combo List
    Content: A combo list containing approximately 67,300 Gmail credentials was shared on a cybercrime forum by the user D4rkNetHub. The content is hidden behind a registration or login wall. No specific breach victim or organization is identified.
    Date: 2026-05-18T19:50:11Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-67-3k-gmail-d4rknethub-cloud
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  150. Alleged data breach of ipotekabank.uz – 120GB customer and financial records
    Category: Data Breach
    Content: ShinyHunters threat actor claims to have breached ipotekabank.uz (Uzbekistan bank) and obtained 120GB of data including PDF contracts, card numbers with CVVs, expiration dates, personal data (names, emails, phone numbers), account information, transaction data, internal bank documents and correspondence. Structured customer database includes fields: id, full_name, email, phone, account_number, balance. Offering data for sale at $25,000 USD to verified buyers only.
    Date: 2026-05-18T19:49:49Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/8019
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Uzbekistan
    Victim Industry: Banking/Financial Services
    Victim Organization: ipotekabank.uz
    Victim Site: ipotekabank.uz
  151. Alleged data breach of Qatar Red Crescent – 3000 GB sensitive data with PII extraction
    Category: Data Breach
    Content: Threat actor claiming to have accessed and extracted approximately 3000 GB of data from an open-indexed Afghan server belonging to Qatar Red Crescent. Actor claims to have extracted names, personal numbers, and email addresses of senior officials across 17 domains. Data includes PDF and JPG formatted files. Actor requesting 17 hours to complete download and provide full dataset. Price listed as $100k USD.
    Date: 2026-05-18T19:49:09Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/7997
    Screenshots:
    None
    Threat Actors: Shiny
    Victim Country: Qatar
    Victim Industry: Humanitarian/Non-profit
    Victim Organization: Qatar Red Crescent
    Victim Site: Unknown
  152. Alleged ShinyHunters Free VECT Ransomware Decryptor Distribution
    Category: Malware
    Content: ShinyHunters threat actor group is distributing a free decryptor for VECT ransomware, positioning it as a response to media reports that VECT operators cannot decrypt files and are unreliable. The group is offering the decryptor as a gift requiring only the encryptor binary and an encrypted file sample. This appears to be a public relations/mockery campaign against a competing ransomware operation.
    Date: 2026-05-18T19:48:39Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/7992
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  153. Alleged data breach of CCSSS Cybersecurity Center State Security Service Uzbekistan
    Category: Data Breach
    Content: ShinyHunters claims to have obtained approximately 5TB of data from CCSSS (Cybersecurity Center State Security Service of Uzbekistan), including personal information, documents, and databases. Sample data shows names, masked personal identification numbers (pinflMasked), positions, and departments of government cybersecurity officials. The threat actor is offering the data for $50,000 USD and has provided contact information via email and XMPP.
    Date: 2026-05-18T19:48:15Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/7995
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Uzbekistan
    Victim Industry: Government/Cybersecurity
    Victim Organization: CCSSS Cybersecurity Center State Security Service Uzbekistan
    Victim Site: Unknown
  154. Alleged leak of classified FSB document on countering Ukrainian intelligence
    Category: Data Leak
    Content: A threat actor operating under the alias mosad has leaked what is claimed to be a classified FSB document titled Measures to counter military, scientific and technical intelligence of Ukraine's special services. The document is being made available for free via Telegram and an anonymous file-sharing platform. The authenticity and classification level of the document have not been independently verified.
    Date: 2026-05-18T19:47:57Z
    Network: openweb
    Published URL: https://breached.st/threads/rus-secret-fsb-ukraine-intelligence-countermeasures-doc-leaked.87335/unread
    Screenshots:
    None
    Threat Actors: mosad
    Victim Country: Russia
    Victim Industry: Government
    Victim Organization: FSB (Federal Security Service of Russia)
    Victim Site: Unknown
  155. Alleged data leak of DPMPTSP Kabupaten Belu (Indonesia)
    Category: Data Leak
    Content: A threat actor has freely distributed a database purportedly belonging to the Investment and One-Stop Integrated Services Office (DPMPTSP) of Belu Regency, Indonesia. The database was made available via both clearnet and Tor download links. No further details regarding record count or data fields were provided in the post.
    Date: 2026-05-18T19:47:15Z
    Network: openweb
    Published URL: https://breached.st/threads/database-dpmptsp.87334/unread
    Screenshots:
    None
    Threat Actors: mrsauldown
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Dinas Penanaman Modal dan Pelayanan Terpadu Satu Pintu Kabupaten Belu (DPMPTSP)
    Victim Site: Unknown
  156. OpSec discussion on photo steganography detection and mitigation
    Category: Chatter
    Content: A forum user on Dread's OpSec board is asking about steganography in phone camera images and best practices for mitigation. The post is a general OpSec question with no threat content, victim, or malicious activity claimed.
    Date: 2026-05-18T19:34:11Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/9585492017d78889afb2
    Screenshots:
    None
    Threat Actors: tofmalin 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  157. Sale of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor on a cybercrime forum is distributing a combo list advertised as 909 valid Hotmail credentials dated May 18, 2026. The content is gated behind registration or login. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-18T19:32:35Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%AB%86909-hotmail-valid-access-18-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  158. Sale of 47K email credential combo list
    Category: Combo List
    Content: A threat actor on a combolist forum is distributing a mix of approximately 47,000 reportedly valid email access credentials. The content is hidden behind a registration or login wall. No specific victim organization or breach source is identified.
    Date: 2026-05-18T19:32:06Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-47k-just-valid-mail-access-mix
    Screenshots:
    None
    Threat Actors: CitronCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  159. Alleged European mix combo list with 14,521 credentials
    Category: Combo List
    Content: A combo list of approximately 14,521 email:password pairs described as semi-valid and sourced from European accounts has been shared on a cracking forum. The post is categorized as a mixed European credential list. No specific victim organization or breach source is identified.
    Date: 2026-05-18T19:28:52Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-14-521-Semi-Valide-FA-Europa-Mix-Combo
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  160. Combo List: Email Access Credentials (7,854 entries)
    Category: Combo List
    Content: A combo list containing 7,854 email access credentials described as semi-valid has been shared on a cracking forum. The list is marketed as suitable for email account access attempts.
    Date: 2026-05-18T19:28:33Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-7-854-Semi-Valide-FA-Mail-Access-Combolist
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  161. Hash Cracking Service Offered on Criminal Forum
    Category: Services
    Content: A threat actor operating under the alias isPacino is advertising a professional hash cracking service on a criminal forum. The service supports a wide range of hash types including MD5, SHA families, NTLM, bcrypt, and Argon2, using an 8-GPU cracking rig with customized dictionary and rule-based attacks. Pricing is flexible and offered on a per-recovered-hash or budget-based model.
    Date: 2026-05-18T19:27:44Z
    Network: openweb
    Published URL: https://cracked.st/Thread-DEHASH-Professional-Hash-Cracking-Service-PACINO
    Screenshots:
    None
    Threat Actors: isPacino
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  162. Sale of Hotmail combo list by threat actor s2lender
    Category: Combo List
    Content: Threat actor s2lender is offering a combo list of 237 alleged high-quality Hotmail credentials on a cracking forum. The post advertises daily supply of 4K–12K fresh credentials and claims access is private and encrypted. Credentials are marketed as suitable for credential stuffing against Hotmail accounts.
    Date: 2026-05-18T19:26:25Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75704/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  163. Sale of 47K mail access combo list mix
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 47,000 allegedly valid mail access credentials, dated May 18. The content is restricted to registered forum users. No specific victim organization or breach source is identified.
    Date: 2026-05-18T19:26:07Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75705/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  164. Alleged combo list of 24.8 million lines distributed freely
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 24.8 million URL:log:password lines via Tor and clearnet links. The post provides no details about the source or origin of the credentials. The dataset appears to be a large aggregated credential list.
    Date: 2026-05-18T19:23:01Z
    Network: openweb
    Published URL: https://breached.st/threads/url-log-rass-24-832-630-million-lines.87332/unread
    Screenshots:
    None
    Threat Actors: mrsauldown
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  165. Forum chatter post with no actionable threat content
    Category: Chatter
    Content: A Dread forum user posted a chatter message regarding receiving Dread Premium membership. No threat-relevant content was available in the post.
    Date: 2026-05-18T19:14:41Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/fd7eb6f01ec93e71d8a5/?context=9df5d618c15000aebe#c-b860b408d731ffc6d0
    Screenshots:
    None
    Threat Actors: Paris
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  166. Combo list targeting Valorant accounts
    Category: Combo List
    Content: A forum user is sharing a combo list purportedly containing credentials for Valorant accounts. The content is hidden behind a registration or login wall, so no further details are available.
    Date: 2026-05-18T19:06:13Z
    Network: openweb
    Published URL: https://patched.to/Thread-suhq-valorant-303725
    Screenshots:
    None
    Threat Actors: ZAMPARA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  167. Combo List: 754 Hotmail valid credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 754 purportedly valid Hotmail credentials, marketed as active hits dated May 18, 2026. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-18T19:05:55Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%AB%86754-hotmail-valid-access-18-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  168. Sale of mixed credential combo list batch
    Category: Combo List
    Content: A threat actor is offering a mixed batch of 713 credential combos via a public paste link and a Telegram channel. The actor also advertises tiered VIP access plans ranging from $3 to $100 for ongoing combo list access.
    Date: 2026-05-18T19:04:39Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75701/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  169. Sale of proxy checker tool
    Category: Services
    Content: A forum user is offering a proxy checker tool described as fast, lightweight, and accurate for $3. Contact is provided via Telegram.
    Date: 2026-05-18T19:03:27Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75699/
    Screenshots:
    None
    Threat Actors: theshitter
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  170. Combo list targeting Valorant
    Category: Combo List
    Content: A combo list purportedly containing credentials targeting Valorant accounts was shared on a cracking forum. The post is titled SUHQ VALORANT PRIVATE, suggesting the list may be marketed as high-quality or previously private. No further details are available from the post content.
    Date: 2026-05-18T19:01:07Z
    Network: openweb
    Published URL: https://cracked.st/Thread-User-Pass-SUHQ-VALORANT-PRIVATE–2095898
    Screenshots:
    None
    Threat Actors: RobotxTR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  171. Disney Combo List
    Category: Combo List
    Content: A combo list targeting Disney accounts was shared on a cracking forum. The post contains email and password pairs intended for credential stuffing against Disney's platform. No further details are available regarding the record count or origin of the credentials.
    Date: 2026-05-18T19:00:49Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-D%C4%B0SNEY-COMBOLIST
    Screenshots:
    None
    Threat Actors: RobotxTR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  172. Alleged Ubisoft credential combo list
    Category: Combo List
    Content: A forum post on Cracked.st advertises a combo list targeting Ubisoft accounts. No post content was available to confirm details such as record count, format, or validity.
    Date: 2026-05-18T19:00:33Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-UBISOFT-COMBOLIST-TARGET
    Screenshots:
    None
    Threat Actors: RobotxTR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  173. Sale of UHQ mixed mail access combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 1,700 UHQ mixed mail access credentials on a cybercrime forum. The post is categorized as email:password pairs marketed for use in credential stuffing or account takeover activity. No specific victim organization or service is identified.
    Date: 2026-05-18T19:00:16Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1700X-UHQ-MIX-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  174. Combo list: 1,600 mixed credentials shared on cracking forum
    Category: Combo List
    Content: A forum user shared a combo list of approximately 1,600 mixed email:password credentials on a cracking forum. No additional details about the source or target service are available.
    Date: 2026-05-18T18:59:58Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1600x-HQ-MIX
    Screenshots:
    None
    Threat Actors: BossRex
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  175. Hotmail credential combo list with claimed valid hits
    Category: Combo List
    Content: A forum user shared a combo list of 636 claimed valid Hotmail credentials. The post is categorized as a credential stuffing resource targeting Hotmail accounts. No additional context or pricing details are available.
    Date: 2026-05-18T18:59:41Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-X636-HOTMAIL-VALID-HITS
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  176. Alleged data leak of MediaVacances.com
    Category: Data Leak
    Content: A threat actor is leaking an alleged database dump from MediaVacances.com, a French holiday rental platform. The 188 MB JSON-format dataset contains approximately 256,000 records including invoice data, customer names, addresses, payment method references, and transaction amounts. Sample records show detailed billing invoices in French, suggesting financial and personal data exposure.
    Date: 2026-05-18T18:56:24Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-256K-MediaVacances-com
    Screenshots:
    None
    Threat Actors: ChimeraZ
    Victim Country: France
    Victim Industry: Travel & Hospitality
    Victim Organization: MediaVacances
    Victim Site: mediavacances.com
  177. Alleged data breach of SP Elecnor
    Category: Data Breach
    Content: A threat actor is offering data allegedly belonging to SP Elecnor for sale on a cybercrime forum. The post includes a sample link and directs interested buyers to contact via Telegram. No details regarding record count or data types were disclosed.
    Date: 2026-05-18T18:56:20Z
    Network: openweb
    Published URL: https://breached.st/threads/sp-elecnor-data-is-available.87330/unread
    Screenshots:
    None
    Threat Actors: Kevin Williams
    Victim Country: Unknown
    Victim Industry: Energy
    Victim Organization: SP Elecnor
    Victim Site: Unknown
  178. Dark Net Market Vendor Dispute Over Incorrect Product Shipment
    Category: Chatter
    Content: A forum user on Dread's DarkNetMarkets community reports receiving the wrong substance (Tramadol instead of Tapentadol) from an unnamed vendor on DrugHub marketplace. The user has not finalized the order and is seeking advice on the dispute process. No cybersecurity threat content is present in this post.
    Date: 2026-05-18T18:45:45Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/99f02ac3b518c5ad06b6
    Screenshots:
    None
    Threat Actors: wherearetheroxis 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  179. India-targeted combo list of 4 million credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list advertised as containing 4 million semi-valid credentials targeting India. The list is being shared via Telegram channels and a cracking forum. No specific breached organization is identified.
    Date: 2026-05-18T18:45:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75698/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  180. Sale of cloud-based proxy or log service by threat actor s2lender
    Category: Services
    Content: A threat actor operating as s2lender is advertising a subscription-based cloud service on a cracking forum, offering tiered membership plans ranging from $10 for 3-day access to $200 for lifetime access. The service claims to provide 4,000–12,000 daily fresh & untouched supply with private encrypted access, consistent with a proxy, combo, or log feed service. No specific victim organization or data type is explicitly identified in the post.
    Date: 2026-05-18T18:44:17Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75697/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  181. Alleged data breach of SP Elecnor
    Category: Data Breach
    Content: A threat actor on BreachForums is offering SP Elecnor data for sale. The post includes a sample image link and directs interested buyers to contact via Telegram. No record count or data type details were specified in the post.
    Date: 2026-05-18T18:43:38Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-SP-Elecnor-Data-Available
    Screenshots:
    None
    Threat Actors: Mikhel
    Victim Country: Unknown
    Victim Industry: Energy
    Victim Organization: SP Elecnor
    Victim Site: Unknown
  182. VoIP Caller ID Spoofing Service Advertised on Forum
    Category: Services
    Content: A forum user is advertising a VoIP caller ID spoofing service via Telegram. The post provides a Telegram contact link for the service operator. No specific victim or target is identified.
    Date: 2026-05-18T18:43:13Z
    Network: openweb
    Published URL: https://patched.to/Thread-zeus-voip-caller-id-spoofer
    Screenshots:
    None
    Threat Actors: Zeusvoip
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  183. Hotmail-targeted combo list of 123K credentials offered for sale
    Category: Combo List
    Content: A threat actor is offering a 123K Hotmail-targeted combo list for download and sale on a cracking forum. The post also advertises additional combo lists targeting AOL, Yahoo, Outlook, and various regional email providers. Credentials are formatted as EMAIL:PASS and USER:PASS.
    Date: 2026-05-18T18:43:06Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-123K-HOTMAIL-TARGETED-COMBOLIST
    Screenshots:
    None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  184. Combo List of 12,693 European email credentials
    Category: Combo List
    Content: A combo list containing 12,693 semi-validated European email and password pairs was shared on a cracking forum. The list is described as partially validated and targeted at European accounts.
    Date: 2026-05-18T18:42:02Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-12-693-Semi-Valide-FA-Combolist-Europa-Good
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  185. Mixed Country Hotmail Combo List with 1.8 Million Lines
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 1.8 million email:password lines targeting Hotmail.com accounts. The list is described as mixed country and marketed for credential stuffing use against Microsoft/Hotmail services.
    Date: 2026-05-18T18:41:46Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-818-494-Lines-%E2%9C%85-Mixed-Country-Hotmail-com-COmbolist-2026
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  186. Combo List: Email Access Credentials (10,050 Records)
    Category: Combo List
    Content: A combo list of approximately 10,050 email access credentials described as semi-valid was shared on a public forum. The list is marketed for use in credential stuffing or email account access attempts. No specific victim organization or breach source is identified.
    Date: 2026-05-18T18:41:29Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-10-050-Semi-Valide-FA-Mail-Access-Combolist
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  187. Sale of email credential checker and SQL injection tool
    Category: Malware
    Content: A threat actor is advertising Heimdallr, a tool combining an IMAP email credential checker and SQL injection capabilities. The tool is offered for sale via a Telegram support channel. No specific victim organization is identified in the post.
    Date: 2026-05-18T18:41:03Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8FHeimdallar-Email-checker-IMAP-Viewer-and-SQL-injectior%E2%9A%A1%EF%B8%8F
    Screenshots:
    None
    Threat Actors: Heimdaller
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  188. Free combo list of 1K French email access credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 1,000 French email access credentials dated May 18. The content is gated behind a reply requirement on the forum.
    Date: 2026-05-18T18:39:39Z
    Network: openweb
    Published URL: https://altenens.is/threads/1k-france-valid-mail-access18-05.2942400/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  189. Sale of 2.8M gaming combo list targeting Roblox, Minecraft, PSN, and Xbox
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 2.8 million credentials marketed as a private base suitable for credential stuffing against gaming platforms including Roblox, Minecraft, PSN, and Xbox. The post advertises the list as part of a broader combo cloud service operated via Telegram.
    Date: 2026-05-18T18:34:02Z
    Network: openweb
    Published URL: https://breached.st/threads/high-voltage2-8m-gaming-roblox-minecraft-psn-xboxhigh-voltageprivate-base-good-on-any-targethigh-voltage.87327/unread
    Screenshots:
    None
    Threat Actors: MetaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  190. Sale of Steam and Xbox combo list with 2.5 million credentials
    Category: Combo List
    Content: A threat actor operating under the alias MetaCloud is offering a combo list of approximately 2.5 million credentials marketed as targeting Steam and Xbox accounts. The post advertises the data as private and high quality, and promotes a Telegram-based combo cloud service. No specific breached organization is identified.
    Date: 2026-05-18T18:33:30Z
    Network: openweb
    Published URL: https://breached.st/threads/2-5m-high-voltage-steam-xbox-mix-high-voltage-100-private-data-high-voltagegood-quality-and-many-hitshigh-voltage-18-05-26high-voltage.87328/unread
    Screenshots:
    None
    Threat Actors: MetaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  191. Alleged data leak of 20+ Indonesian Professional Certification Institute (LSP) databases
    Category: Data Leak
    Content: A threat actor claims to have obtained 20 or more LSP (Professional Certification Institute) databases from across Indonesia and is publicly leaking sample data in an attempt to extort payment from CV Minaret Group. The leaked data includes personal identification numbers (KTP), names, dates of birth, email addresses, phone numbers, physical addresses, educational records, and photographs. The actor states they will continue publishing data and conducting attacks until the ransom demand is met.
    Date: 2026-05-18T18:32:05Z
    Network: openweb
    Published URL: https://breached.st/threads/20-database-indonesian-silsp.87324/unread
    Screenshots:
    None
    Threat Actors: Kyyza
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Universitas Ivet (Unisvet) Semarang / CV Minaret Group / LSP Indonesia
    Victim Site: Unknown
  192. Alleged data leak of Dinas Penanaman Modal dan Pelayanan Terpadu Satu Pintu Kabupaten Belu (DPMPTSP)
    Category: Data Leak
    Content: A threat actor has leaked a database attributed to the Investment and Integrated One-Stop Service Office of Belu Regency (DPMPTSP), Indonesia. The dataset, shared as an Excel file, reportedly contains business actor and investment data with over 12,300 records. The data was made available as a free download via an external file-sharing link.
    Date: 2026-05-18T18:31:39Z
    Network: openweb
    Published URL: https://breached.st/threads/dinas-penanaman-modal-dan-pelayanan-terpadu-satu-pintu-kabupaten-belu-dpmptsp.87329/unread
    Screenshots:
    None
    Threat Actors: Kyyzo
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Dinas Penanaman Modal dan Pelayanan Terpadu Satu Pintu Kabupaten Belu (DPMPTSP)
    Victim Site: Unknown
  193. Unidentified substance inquiry on darknet forum
    Category: Chatter
    Content: A forum user posted an image of unidentified blue crystals on a darknet forum asking for identification. The post contains no threat intelligence content relevant to cyber operations.
    Date: 2026-05-18T18:22:36Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/f5cded392360a6377f21
    Screenshots:
    None
    Threat Actors: mars780 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  194. Combo List of 2,383 Hotmail Credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 2,383 alleged valid Hotmail credentials on a public forum. The content is hidden behind a registration/login wall and conditioned on user engagement. This post is typical of credential-stuffing list distribution targeting Microsoft Hotmail accounts.
    Date: 2026-05-18T18:21:03Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9A%A12383x-good-hotmail%E2%9A%A1%E2%9C%85
    Screenshots:
    None
    Threat Actors: NovaCloudx
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  195. Free distribution of 9.2 million email:password combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely distributed a combo list containing approximately 9.2 million email and password pairs, marketed as fresh and high quality. The post encourages users to claim valid hits and also promotes additional private bases available via Telegram.
    Date: 2026-05-18T18:17:07Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-9-2MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
    Screenshots:
    None
    Threat Actors: ZoneX404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  196. Combo List: 9,294 Email:Password Credentials Shared Free
    Category: Combo List
    Content: A combo list of approximately 9,294 email and password pairs has been shared on a cracking forum. The credentials are marketed as semi-valid with fresh hits. No specific victim organization is identified.
    Date: 2026-05-18T18:16:49Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-9-294-Semi-Valide-FA-Good-Line-Fresh
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  197. Alleged hacking services offering unauthorized account access and compromise
    Category: Cyber Attack
    Content: A user is advertising illegal hacking services, including Telegram, mobile phone, website, iCloud, Snapchat, email, Reddit, and LinkedIn account hacking/compromise. The user also offers stolen funds recovery services. Contact is via the Telegram handle @sureciphern__.
    Date: 2026-05-18T18:16:40Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84379
    Screenshots:
    None
    Threat Actors: sureciphern
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  198. Free distribution of 7.8 million email:password combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely shared a combo list containing approximately 7.8 million email:password pairs, marketed as fresh and high quality. The post encourages users to grab valid hits and also advertises additional private bases available via Telegram. No specific victim organization or target service is identified.
    Date: 2026-05-18T18:16:32Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-7-8MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA–2095870
    Screenshots:
    None
    Threat Actors: ZoneX404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  199. Free distribution of 15.1 million email:password combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely shared a combo list containing approximately 15.1 million email and password pairs, marketed as fresh and high quality. The post encourages users to obtain valid hits before others and advertises additional private bases via Telegram.
    Date: 2026-05-18T18:16:07Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-15-1MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
    Screenshots:
    None
    Threat Actors: ZoneX404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  200. Free distribution of 4.9 million email and password combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely distributed a combo list containing approximately 4.9 million email and password pairs, marketed as fresh and high quality. The post encourages users to use the credentials before others and advertises additional private bases via Telegram.
    Date: 2026-05-18T18:15:55Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-4-9MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA–2095868
    Screenshots:
    None
    Threat Actors: ZoneX404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  201. Free distribution of 20.2 million email:password combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely shared a combo list claiming to contain 20.2 million email and password pairs, marketed as fresh and high quality. The post encourages users to use the credentials before others and advertises additional private bases via Telegram.
    Date: 2026-05-18T18:15:33Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-20-2MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
    Screenshots:
    None
    Threat Actors: ZoneX404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  202. Free distribution of 17.9 million email:password combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely distributed a combo list containing approximately 17.9 million email and password pairs, marketed as fresh and high quality. The post encourages users to obtain valid hits before others and advertises additional private bases available via Telegram.
    Date: 2026-05-18T18:15:17Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-17-9MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
    Screenshots:
    None
    Threat Actors: ZoneX404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  203. Free distribution of 14.2 million email:password combo list
    Category: Combo List
    Content: A threat actor on a cracking forum is freely distributing a combo list containing 14.2 million email:password pairs marketed as fresh and high quality. The post encourages users to obtain the credentials before others and promotes additional private bases via Telegram.
    Date: 2026-05-18T18:14:38Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-14-2MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
    Screenshots:
    None
    Threat Actors: ZoneX404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  204. Free distribution of 10.2 million email:password combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely shared a combo list containing approximately 10.2 million email and password pairs, marketed as fresh and high quality. The post encourages users to grab valid hits and also advertises additional bases available via Telegram.
    Date: 2026-05-18T18:14:20Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-10-2MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
    Screenshots:
    None
    Threat Actors: ZoneX404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  205. Free distribution of 5.8 million email-password combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely distributed a combo list containing approximately 5.8 million email-password pairs, marketed as fresh and high quality. The post encourages users to use the credentials before others and promotes additional private bases available via Telegram.
    Date: 2026-05-18T18:14:03Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-5-8MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA–2095862
    Screenshots:
    None
    Threat Actors: ZoneX404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  206. Alleged combo list of business corporate domain credentials
    Category: Combo List
    Content: A combo list containing approximately 100,671 email:password credential pairs targeting business and corporate domains was shared on a cracking forum. No additional details about the source or targeted organizations are available.
    Date: 2026-05-18T18:13:39Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-100-671-%E2%AD%90%EF%B8%8F-Bussines-Corp-DOmain
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  207. Free distribution of 13.8 million email:password combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely shared a combo list containing approximately 13.8 million email and password pairs, marketed as fresh and high quality. The post encourages users to use the credentials before others and promotes additional private bases available via Telegram.
    Date: 2026-05-18T18:13:21Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-13-8MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
    Screenshots:
    None
    Threat Actors: ZoneX404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  208. Combo List: Mixed IMAP credentials (4,600 records)
    Category: Combo List
    Content: A forum user shared a combo list of 4,600 mixed IMAP email credentials. The post contains minimal detail beyond a bump of the original thread. No specific victim organization or breach source is identified.
    Date: 2026-05-18T18:13:05Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-4600x-GOOD-MIX-IMAP
    Screenshots:
    None
    Threat Actors: BTC88
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  209. Combo list targeting Twitter, Reddit, TikTok, Facebook, and Instagram
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 1.9 million email:password credentials advertised as suitable for credential stuffing against multiple platforms including Twitter/X, Reddit, TikTok, Facebook, and Instagram. The post markets the list as a private base effective on any target. No specific breach victim is identified.
    Date: 2026-05-18T18:12:47Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A11-9M-TWITTER-X-REDDIT-TIKTOK-FB-IG%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANY-TARGET%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  210. Sale of European mixed combo list with 10,178 credentials
    Category: Combo List
    Content: A threat actor shared a mixed European combo list containing approximately 10,178 semi-valid email:password credential pairs on a cracking forum. The list is described as semi-valid and appears to target European accounts across multiple services.
    Date: 2026-05-18T18:12:25Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-10-178-Semi-Valide-FA-Europa-Mixed-Combolist
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  211. Alleged sale of mail access credentials and combolists across multiple countries
    Category: Initial Access
    Content: A threat actor is offering mail access credentials for multiple countries (France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, Japan) along with configurations, scripts, tools, and combolists. Contact is via @DataxLogs on Telegram.
    Date: 2026-05-18T18:11:23Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84374
    Screenshots:
    None
    Threat Actors: DataxLogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  212. Sale of shopping and food sector combo list with 1.6 million credentials
    Category: Combo List
    Content: A threat actor operating under the alias MetaCloud is offering a combo list of approximately 1.6 million credentials targeting shopping and food sector services, marketed as private and high-quality. The post advertises a commercial combo cloud subscription service via Telegram. No specific victim organization or breach source is identified.
    Date: 2026-05-18T18:10:41Z
    Network: openweb
    Published URL: https://breached.st/threads/1-6m-high-voltage-shopping-food-high-voltage-100-private-data-high-voltagegood-quality-and-many-hitshigh-voltage-18-05-26high-voltage.87317/unread
    Screenshots:
    None
    Threat Actors: MetaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  213. Sale of 1.4M mixed combo list targeting multiple countries
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 1.4 million credentials sourced from users in the USA, France, Germany, Poland, and the UK. The list is advertised as suitable for credential stuffing against any target. The post promotes a Telegram-based combo cloud service operated by the author.
    Date: 2026-05-18T18:10:08Z
    Network: openweb
    Published URL: https://breached.st/threads/high-voltage1-4m-mix-usa-fr-de-pl-ukhigh-voltageprivate-base-good-on-any-targethigh-voltage.87318/unread
    Screenshots:
    None
    Threat Actors: MetaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  214. Sale of combo list targeting Crypto and PayPal services
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 1.1 million credentials marketed as targeting cryptocurrency and PayPal services. The post advertises the data as private and high quality with many hits, available via a Telegram-based combo cloud service.
    Date: 2026-05-18T18:09:38Z
    Network: openweb
    Published URL: https://breached.st/threads/1-1m-high-voltage-crypto-paypal-high-voltage-100-private-data-high-voltagegood-quality-and-many-hitshigh-voltage-18-05-26high-voltage.87320/unread
    Screenshots:
    None
    Threat Actors: MetaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  215. Sale of 2.7 million music service combo list targeting Spotify and SoundCloud
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 2.7 million credentials marketed as suitable for credential stuffing against music streaming services including Spotify and SoundCloud. The post advertises the list as sourced from a private base and claims it is effective against any target. The actor also promotes a Telegram-based combo cloud service.
    Date: 2026-05-18T18:08:59Z
    Network: openweb
    Published URL: https://breached.st/threads/high-voltage2-7m-music-spotify-soundcloudhigh-voltageprivate-base-good-on-any-targethigh-voltage.87321/unread
    Screenshots:
    None
    Threat Actors: MetaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  216. Walmart credential combo list with 1.9 million records offered for sale
    Category: Combo List
    Content: A threat actor operating under the alias MetaCloud is distributing a combo list of approximately 1.9 million credentials marketed as suitable for credential stuffing against Walmart. The post promotes a commercial combo cloud service via Telegram, advertising private lines and high-quality data. Walmart is the stated credential-stuffing target and is not the breach victim.
    Date: 2026-05-18T18:08:28Z
    Network: openweb
    Published URL: https://breached.st/threads/1-9m-high-voltage-shopping-walmarthigh-voltage-100-private-data-high-voltagegood-quality-and-many-hitshigh-voltage-18-05-26high-voltage.87322/unread
    Screenshots:
    None
    Threat Actors: MetaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  217. Alleged data breach of Polish political party Nowa Nadzieja
    Category: Data Breach
    Content: A Breachforums user (xyph0rix) has posted a thread disclosing a database breach affecting Nowa Nadzieja, a Polish political party. The breach details are shared on the Breachforums platform.
    Date: 2026-05-18T18:07:17Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/384
    Screenshots:
    None
    Threat Actors: xyph0rix
    Victim Country: Poland
    Victim Industry: Political
    Victim Organization: Nowa Nadzieja
    Victim Site: Unknown
  218. Alleged data leak of mail.qq.com database
    Category: Data Leak
    Content: A threat actor has shared a file purportedly containing a database dump from mail.qq.com, the email service operated by Tencent. The dataset is made available via an external file-sharing link. No record count or additional details were provided in the post.
    Date: 2026-05-18T18:07:12Z
    Network: openweb
    Published URL: https://breached.st/threads/database-mail-qq-com.87319/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: China
    Victim Industry: Technology
    Victim Organization: Tencent QQ Mail
    Victim Site: mail.qq.com
  219. Alleged data leak of Polish political party Nowa Nadzieja
    Category: Data Leak
    Content: A threat actor has leaked an alleged database belonging to Nowa Nadzieja, a Polish political party. The dataset was made available via an external file-sharing link. No further details regarding record count or data fields were provided in the post.
    Date: 2026-05-18T18:06:40Z
    Network: openweb
    Published URL: https://breached.st/threads/database-polish-political-party-nowa-nadzieja.87323/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Poland
    Victim Industry: Government
    Victim Organization: Nowa Nadzieja
    Victim Site: Unknown
  220. Combo List: Hotmail Credentials (1.8K Fresh Hits)
    Category: Combo List
    Content: A threat actor shared links to a combo list containing approximately 1,800 Hotmail credentials marketed as fresh hits. The content was distributed freely via an external paste service. No specific breach victim or organization is identified.
    Date: 2026-05-18T17:52:13Z
    Network: openweb
    Published URL: https://patched.to/Thread-1-8k-hq-hotmail-access-fresh-hits
    Screenshots:
    None
    Threat Actors: NullshopAds
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  221. Free South Korea Email Combo List (Batch 47/100)
    Category: Combo List
    Content: A threat actor is freely distributing a South Korea email combo list as part of a batch series (47 of 100). The content is hidden behind a registration/login wall on the forum. No specific victim organization or record count is identified.
    Date: 2026-05-18T17:51:58Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-47-100
    Screenshots:
    None
    Threat Actors: emaildbpro
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  222. Combo List of Hotmail credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 713 claimed valid Hotmail credentials, dated 18 May 2026. The content is gated behind registration or login on the forum.
    Date: 2026-05-18T17:51:41Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%AB%86713-hotmail-valid-access-18-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  223. Hotmail credential combo list shared on cracking forum
    Category: Combo List
    Content: A threat actor shared a combo list of Hotmail email and password pairs on a cracking forum, marketing the credentials as fresh hits. The post includes a download link with no further details on record count or origin.
    Date: 2026-05-18T17:49:40Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90FRESH%E2%AD%90HOTMAIL%E2%AD%90HITS%E2%AD%90–2095852
    Screenshots:
    None
    Threat Actors: tihyy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  224. Combo list of 8,542 email:password credentials shared freely
    Category: Combo List
    Content: A combo list of approximately 8,542 email:password credential pairs was shared on a cracking forum. The post describes the credentials as semi-valid, fresh, and with good lines. No specific victim organization or targeted service is identified.
    Date: 2026-05-18T17:49:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-8-542-Semi-Valide-FA-Good-Line-Fresh
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  225. Combo List of 1.3 million Glovo-themed credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 1.3 million email:password pairs described as a private base suitable for credential stuffing against any target. The post references Glovo in the title but the credentials are marketed as broadly usable. No specific breach victim is identified.
    Date: 2026-05-18T17:48:58Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A11-3M-GLOVO%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANY-TARGET%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  226. Free distribution of 14.3 million email-password combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely distributed a combo list containing approximately 14.3 million email-password pairs, marketed as fresh and high-quality. The post encourages users to use the credentials before others and promotes additional private bases available via Telegram.
    Date: 2026-05-18T17:48:27Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-14-3MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
    Screenshots:
    None
    Threat Actors: ZoneX404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  227. Free distribution of 6.9 million email:password combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely distributed a combo list containing approximately 6.9 million email:password pairs, marketed as fresh and high quality. The post encourages users to obtain the credentials before others and promotes additional private bases available via Telegram.
    Date: 2026-05-18T17:48:10Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-6-9MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
    Screenshots:
    None
    Threat Actors: ZoneX404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  228. Semi-validated European combo list with 14,731 credentials
    Category: Combo List
    Content: A combo list containing 14,731 semi-validated European email and password pairs has been shared on a cracking forum. The credentials are marketed as having partial validation (semi-valid) and may be used for credential stuffing against various online services.
    Date: 2026-05-18T17:47:54Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-14-731-Semi-Valide-FA-Combolist-Europa-Good
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  229. Sale of Claude AI MAX subscription access
    Category: Services
    Content: A forum seller is offering access to Claude AI MAX subscriptions starting at $5.99 per day or $24.99 per week. Buyers reportedly receive a link and code to access the service, which includes unlimited usage and access to Claude Opus and Sonnet models. The offering is likely based on compromised or shared accounts.
    Date: 2026-05-18T17:47:15Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%AD%90CLAUDE-AI-MAX%E2%9C%85FAST-DELIVERY%E2%AD%90STARTING-5-99
    Screenshots:
    None
    Threat Actors: pollymydolly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  230. Drug bust in League City following controlled delivery of prescription medications
    Category: Chatter
    Content: A forum post on Dread's OpSec board shares a news item about a law enforcement controlled delivery operation in League City, Texas, resulting in two arrests and the seizure of over 120 kilos of prescription narcotics. This is a drug trafficking news item with no direct cyber threat content. The post does not contain any actionable threat intelligence.
    Date: 2026-05-18T17:45:44Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/d8b5eabb9b15be8d8f69
    Screenshots:
    None
    Threat Actors: Baby_Bottle_Bartard 🍼
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  231. Sale of zero-click full-chain exploitation framework targeting iOS and Android devices
    Category: Malware
    Content: A threat actor is selling C2 BlackSite, a claimed zero-click full-chain exploitation framework targeting iOS 13–26.4.2 and Android 7–17. The framework allegedly delivers browser RCE, sandbox escape, kernel read/write, and persistent implant capabilities via SMS, email, QR codes, and messaging platforms. Advertised post-exploitation modules include keychain ripping, credential extraction, real-time surveillance, cryptocurrency wallet seed phrase harvesting, and banking app compromise.
    Date: 2026-05-18T17:39:47Z
    Network: openweb
    Published URL: https://breached.st/threads/zero-click-ios-android-exploit-supported-ios-13-to-26-4-2-and-android-7-to-17.87314/unread
    Screenshots:
    None
    Threat Actors: C2Exploit
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  232. Sale of zero-click full-chain exploit framework targeting iOS and Android devices
    Category: Malware
    Content: A threat actor is selling C2 BlackSite, a claimed zero-click full-chain exploitation framework targeting iOS 13–26.4.2 and Android 7–16. The framework allegedly delivers browser RCE, sandbox escape, kernel read/write, and a persistent implant via SMS, email, QR code, WhatsApp, Telegram, or any URL-sharing channel with no victim interaction required. Advertised capabilities include keychain extraction, messaging app data harvesting, cryptocurrency wallet seed phrase theft, banking credential in
    Date: 2026-05-18T17:38:54Z
    Network: openweb
    Published URL: https://breached.st/threads/c2-reme-ios-13-26-4-2-zero-click-exploit-and-android-7-to-16.87315/unread
    Screenshots:
    None
    Threat Actors: C2Exploit
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  233. Alleged sale of RDP access to cloud infrastructure and compromised accounts
    Category: Initial Access
    Content: A threat actor is offering rental access to RDP on Azure, AWS, and DigitalOcean infrastructure at $200 daily/monthly rates. The actor is also advertising compromised domain email accounts, Gmail and Yahoo accounts, GitHub Student accounts, and stolen subscription credentials (ChatGPT Plus, Claude, ElevenLabs Creator Plan). Services are offered with escrow protection.
    Date: 2026-05-18T17:27:01Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84358
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Technology/Cloud Services
    Victim Organization: Unknown
    Victim Site: Unknown
  234. Website Defacement of Lifespan Industries by Attacker atig313
    Category: Defacement
    Content: On May 19, 2026, the website lifespan.industries was defaced by a threat actor operating under the handle atig313. The attacker targeted a specific page (atig313.ht…) rather than the homepage, indicating a targeted page-level defacement. No team affiliation, motivation, or technical details regarding the server environment were disclosed.
    Date: 2026-05-18T17:23:25Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924740
    Screenshots:
    None
    Threat Actors: atig313
    Victim Country: Unknown
    Victim Industry: Manufacturing / Industrial Services
    Victim Organization: Lifespan Industries
    Victim Site: lifespan.industries
  235. Combo list of 2.3 million credentials advertised as suitable for any target
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 2.3 million email:password credentials, described as a private base sourced from IPVanish, ExpressVPN, and NordVPN accounts. The list is advertised as effective against any credential-stuffing target.
    Date: 2026-05-18T17:23:00Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A12-3M-IPVANISH-EXPRESSVPN-NORDVPN%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANY-TARGET%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  236. Sale of European mixed combo list with 29,497 credentials
    Category: Combo List
    Content: A threat actor shared a European mixed combo list containing 29,497 email:password pairs on a cracking forum. The list is described as private and full access (FA). No specific victim organization or breach source is identified.
    Date: 2026-05-18T17:22:38Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-29-497-Private-FA-Europa-Mixed-Combolist
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  237. Website Defacement of natural1999.com by atig313
    Category: Defacement
    Content: On May 19, 2026, a threat actor operating under the handle atig313 defaced a specific page on natural1999.com, targeting the path /atig313.html. The incident was a single-page defacement, not classified as a mass or home page defacement. No affiliation with a known group or team was identified for this attacker.
    Date: 2026-05-18T17:22:27Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924736
    Screenshots:
    None
    Threat Actors: atig313
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: natural1999.com
  238. Sale of UHQ Yahoo combo list with 235K credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list marketed as 235K UHQ Yahoo credentials described as fresh. The post is sponsored by a third-party AIO tool service. Per combo list conventions, Yahoo is a credential-stuffing target, not the breach source.
    Date: 2026-05-18T17:22:19Z
    Network: openweb
    Published URL: https://cracked.st/Thread-235K-UHQ-YAHOO-COMBO-FRESH–2095843
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  239. Sale of UHQ Hotmail combo list with 550K credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list containing 550,000 Hotmail credentials, marketed as UHQ and fresh. The post is sponsored by vows.solutions and shared on a public cracking forum.
    Date: 2026-05-18T17:22:01Z
    Network: openweb
    Published URL: https://cracked.st/Thread-550K-UHQ-HOTMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  240. Combo List: 4.3 million alleged Gmail credentials
    Category: Combo List
    Content: A threat actor on Cracked.st is distributing an alleged combo list of 4.3 million Gmail credentials marketed as fresh. The post is sponsored by an AIO checker service. Per combo list conventions, Gmail is a credential-stuffing target, not the breach victim.
    Date: 2026-05-18T17:21:41Z
    Network: openweb
    Published URL: https://cracked.st/Thread-4-3M-UHQ-GMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  241. Website Defacement of HLR-Rådet by Threat Actor atig313
    Category: Defacement
    Content: On May 19, 2026, threat actor atig313 defaced a page on hlr-radet.se, the website of the Swedish Resuscitation Council (HLR-Rådet), a healthcare-related organization in Sweden. The attack targeted a specific subpage (atig313.html) and was carried out as a single, non-mass defacement. The attacker operated independently without affiliation to a known hacking team.
    Date: 2026-05-18T17:21:36Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924734
    Screenshots:
    None
    Threat Actors: atig313
    Victim Country: Sweden
    Victim Industry: Healthcare
    Victim Organization: HLR-Rådet (Swedish Resuscitation Council)
    Victim Site: hlr-radet.se
  242. Combo List of European email credentials (7,080 entries)
    Category: Combo List
    Content: A combo list containing approximately 7,080 semi-validated European email and password pairs has been shared on a cracking forum. The list is marketed as suitable for credential stuffing against various services.
    Date: 2026-05-18T17:21:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-7-080-Semi-Valide-FA-Combolist-Europa-Good
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  243. Sale of 1.3 million UHQ mixed mail combo list
    Category: Combo List
    Content: A threat actor is sharing a combo list containing 1.3 million email and password combinations, marketed as fresh UHQ (ultra-high quality) mixed mail credentials. The post is sponsored by an AIO checker service, suggesting the list is intended for credential stuffing attacks.
    Date: 2026-05-18T17:21:05Z
    Network: openweb
    Published URL: https://cracked.st/Thread-1-3M-UHQ-MIXED-MAIL-COMBO-FRESH–2095845
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  244. Combo List: 204K UHQ Outlook credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 204,000 Outlook credentials marketed as UHQ and fresh. The post is sponsored by a credential-stuffing tool service. The named service is a credential-stuffing target, not the breach victim.
    Date: 2026-05-18T17:20:46Z
    Network: openweb
    Published URL: https://cracked.st/Thread-204K-UHQ-OUTLOOK-COMBO-FRESH–2095841
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  245. Website Defacement of Archifunction by Threat Actor atig313
    Category: Defacement
    Content: On May 19, 2026, threat actor atig313 defaced the website archifunction.com, targeting a specific page (atig313.html). The attack was a single-page defacement, not classified as a mass or home page defacement. The attacker operated independently without affiliation to a known group, and server details remain unconfirmed.
    Date: 2026-05-18T17:20:27Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924745
    Screenshots:
    None
    Threat Actors: atig313
    Victim Country: Unknown
    Victim Industry: Architecture / Design
    Victim Organization: Archifunction
    Victim Site: archifunction.com
  246. Website Defacement of The Museum Outlet by atig313
    Category: Defacement
    Content: On May 19, 2026, the attacker known as atig313 defaced a page on themuseumoutlet.com, an online retail platform specializing in art and museum merchandise. The incident was a targeted single-page defacement, not affecting the homepage or conducted as part of a mass defacement campaign. No team affiliation, specific motivation, or technical server details were disclosed in connection with the attack.
    Date: 2026-05-18T17:19:10Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924737
    Screenshots:
    None
    Threat Actors: atig313
    Victim Country: United States
    Victim Industry: Retail / E-Commerce (Art & Museum Products)
    Victim Organization: The Museum Outlet
    Victim Site: themuseumoutlet.com
  247. Sale of mixed email/password combo list with 77K credentials
    Category: Combo List
    Content: A threat actor shared a mixed email/password combo list containing approximately 77,000 credential pairs via an external file-sharing link. The list is of mixed origin and not attributed to a specific organization or breach.
    Date: 2026-05-18T17:18:31Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-77K-Mixed-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  248. Website Defacement of Argus Medya by Threat Actor atig313
    Category: Defacement
    Content: On May 19, 2026, threat actor atig313 defaced a specific page on argusmedya.com, a Turkish media organization. The attack targeted a single page rather than the homepage and was carried out without an affiliated team. No specific motive or technical details regarding the server environment were disclosed.
    Date: 2026-05-18T17:18:08Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924744
    Screenshots:
    None
    Threat Actors: atig313
    Victim Country: Turkey
    Victim Industry: Media
    Victim Organization: Argus Medya
    Victim Site: argusmedya.com
  249. Website Defacement of pzht.in by Attacker atig313
    Category: Defacement
    Content: On May 19, 2026, an attacker operating under the handle atig313 defaced a page on the domain pzht.in, a site with an Indian (.in) TLD. The defacement was a targeted, single-page attack with no team affiliation reported. No specific motivation or technical details regarding the server or exploitation method were disclosed.
    Date: 2026-05-18T17:17:13Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924739
    Screenshots:
    None
    Threat Actors: atig313
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: pzht.in
  250. Website Defacement of Harris Chewing by Threat Actor atig313
    Category: Defacement
    Content: On May 19, 2026, the website harrischewning.com was defaced by threat actor atig313, operating without an affiliated team. The attacker targeted a specific page (atig313.htm) rather than the homepage, indicating a targeted single-page defacement. No specific motive or vulnerability details were disclosed in connection with this incident.
    Date: 2026-05-18T17:15:59Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924735
    Screenshots:
    None
    Threat Actors: atig313
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Harris Chewing
    Victim Site: harrischewning.com
  251. Sale of Japan combo list with 157K credentials
    Category: Combo List
    Content: A forum member is distributing a combo list marketed as 157K high-quality credentials associated with Japanese accounts. The actual content is hidden behind a registration or login gate. No specific victim organization or service is identified.
    Date: 2026-05-18T17:15:55Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-157k-japan-hq-good-combolist
    Screenshots:
    None
    Threat Actors: megatronishere
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  252. Sale of Italian combo list with 230K credentials
    Category: Combo List
    Content: A forum user is sharing a combo list of approximately 230,000 credentials purportedly sourced from Italian accounts. The content is hidden behind a registration/login wall. No specific victim organization or breach source is identified.
    Date: 2026-05-18T17:15:39Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-230k-italy-high-quality-good-combolist
    Screenshots:
    None
    Threat Actors: megatronishere
    Victim Country: Italy
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  253. Sale of 160K France UHQ Combo List
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 160,000 credentials allegedly targeting French accounts. The content is gated behind registration or login on the forum. No specific victim organization is identified.
    Date: 2026-05-18T17:15:22Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-160k-france-uhq-combolist
    Screenshots:
    None
    Threat Actors: megatronishere
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  254. Alleged hacking services offering unauthorized access to Telegram, iCloud, email, and social media accounts
    Category: Cyber Attack
    Content: User CIPHERN is advertising hacking services including Telegram account compromise, mobile phone hacking, website hacking, iCloud account access, IP camera compromise, Snapchat hacking, email account access, stolen funds recovery, and social media account rental/hacking for Reddit and LinkedIn. Contact is provided via Telegram handle @sureciphern__.
    Date: 2026-05-18T17:14:42Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84346
    Screenshots:
    None
    Threat Actors: CIPHERN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  255. Sale of mixed mail credential combo list with claimed Hotmail hits
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 4,319 mixed mail credentials, advertised as containing valid Hotmail hits. The content is hidden behind a registration/login wall and the actor promotes their Telegram handle for further contact.
    Date: 2026-05-18T17:11:46Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-4319x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  256. Leak of J.A.R.V.I.S AI-Powered Desktop Assistant Full Source Code
    Category: Data Leak
    Content: A threat actor has freely shared the full source code of a JARVIS AI-powered desktop assistant project, originally developed for macOS and modified for Windows. The release includes integrations with Google Gemini API, Spotify, WhatsApp, and various system utilities. No specific organization is identified as the original developer.
    Date: 2026-05-18T17:03:36Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-leak-star-j-a-r-v-i-s-ai-powered-desktop-assistant-full-source-code-included-fire.2942377/unread
    Screenshots:
    None
    Threat Actors: QUB3RN4T0R
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Unknown
    Victim Site: Unknown
  257. Combo list of 22,000 mixed email/password credentials
    Category: Combo List
    Content: A threat actor has shared a mixed combo list containing approximately 22,000 email and password pairs via an anonymous file-sharing service. The credentials appear to be sourced from multiple breaches and are not attributed to a specific organization.
    Date: 2026-05-18T16:59:25Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Mixed-22K-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  258. Alleged data leak of Perm National Research Polytechnic University (PSTU)
    Category: Data Leak
    Content: A threat actor claims to have leaked a complete database dump from the student research accounting and monitoring system of Perm National Research Polytechnic University (PSTU), Russia. The dataset, approximately 50 MB in size, contains 362,786 rows across multiple CSV tables including student personal details such as full names, email addresses, group affiliations, and academic department data. The data is being freely shared on BreachForums, purportedly originating from a breach in late 2025.
    Date: 2026-05-18T16:56:20Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-uchetnirs-bf-pstu-ru-Perm-National-Research-Polytechnic-University-Russia-Leaked
    Screenshots:
    None
    Threat Actors: Obey_Your_Master
    Victim Country: Russia
    Victim Industry: Education
    Victim Organization: Perm National Research Polytechnic University
    Victim Site: uchetnirs.bf.pstu.ru
  259. Sale of Valorant account combo list with over 400,000 credentials
    Category: Combo List
    Content: A threat actor is offering a private Valorant combo list advertised as containing over 400,000 credentials across mixed regions, marketed as fresh with guaranteed hits. A credential checker with available source code is also offered for sale via a Discord server.
    Date: 2026-05-18T16:53:54Z
    Network: openweb
    Published URL: https://patched.to/Thread-gaming-3555x-valorant-mixed-region-account-combolist
    Screenshots:
    None
    Threat Actors: cdrgod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  260. Combo List: Mixed email:password credentials (429,000 records)
    Category: Combo List
    Content: A mixed email:password combo list containing approximately 429,000 records was shared on a cracking forum. The post is categorized as a combo list based on the thread title and forum context. No additional details about the source or targeted services are available.
    Date: 2026-05-18T16:52:56Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-MIX-Unique-Combo-4-429000
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  261. Sale of fresh mail access combo list (5K)
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 5,000 mail access credentials marketed as fresh and high quality. The post is sponsored by vows.solutions and shared on a public cracking forum.
    Date: 2026-05-18T16:52:40Z
    Network: openweb
    Published URL: https://cracked.st/Thread-5K-SUHQ-MAIL-ACCESS-COMBO-FRESH–2095832
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  262. Sale of 50K mixed combo list
    Category: Combo List
    Content: A threat actor is offering a mixed combo list of 50,000 credentials, marketed as super ultra high quality (SUHQ) and fresh. The post is sponsored by vows.solutions.
    Date: 2026-05-18T16:52:21Z
    Network: openweb
    Published URL: https://cracked.st/Thread-50K-SUHQ-MIXED-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  263. Sale of combo list targeting gaming platforms including Fortnite, Minecraft, Valorant, Steam, and Rockstar
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 1,855 Hotmail credentials marketed as fresh and high-quality. The list is advertised for use against gaming platforms including Fortnite, Minecraft, Valorant, Steam, and Rockstar. Contact is provided via Telegram.
    Date: 2026-05-18T16:52:02Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1855x-%E2%AD%90%E2%AD%90-FRESH-HQ-MIX-MAIL-%E2%AD%90%E2%AD%90-FORNITE-MINECRAFT-VALORANT-STEAM-ROCKSTAR-%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: KiwiShioo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  264. Sale of Quizlet Premium account or subscription service
    Category: Services
    Content: A forum user is selling what is advertised as a 1-year Quizlet Premium study workflow support service for $24.99. The post is likely offering unauthorized or cracked Quizlet Premium access disguised as a study guidance service. No specific victim organization or breach data is involved.
    Date: 2026-05-18T16:51:35Z
    Network: openweb
    Published URL: https://cracked.st/Thread-24-99-%E2%9C%85-Study-Smarter-All-Years-%E2%80%93-Quizlet-Premium-1-Year-Learning-Workflow-Support
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  265. Website Defacement of Olympia CPA Firm by atig313
    Category: Defacement
    Content: On May 18, 2026, a threat actor using the handle atig313 defaced the website of Olympia CPA Firm, a certified public accounting organization. The attacker targeted a specific page (atig313.htm) on the firm's domain, likely as a means of demonstrating unauthorized access. The incident was a single-page defacement with no team affiliation reported.
    Date: 2026-05-18T16:42:03Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924732
    Screenshots:
    None
    Threat Actors: atig313
    Victim Country: United States
    Victim Industry: Financial Services / Accounting
    Victim Organization: Olympia CPA Firm
    Victim Site: olympiacpafirm.com
  266. Sale of 100K ULP combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of 100,000 username:login:password (ULP) credentials in TXT format. The post advertises a service called Mint Services claiming to provide daily leaks. No specific victim organization or breach source is identified.
    Date: 2026-05-18T16:40:58Z
    Network: openweb
    Published URL: https://cracked.st/Thread-X100K-ULP-TXT
    Screenshots:
    None
    Threat Actors: Mallevado
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  267. Combo List targeting Amazon and Walmart accounts
    Category: Combo List
    Content: A threat actor on Cracked.st is distributing a combo list of approximately 2.4 million email:password credentials purportedly suitable for credential stuffing against Amazon and Walmart. The post markets the data as private and high quality with many valid hits. Amazon and Walmart are credential-stuffing targets, not breach victims.
    Date: 2026-05-18T16:40:30Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-2-4M-%E3%80%8D%E2%9A%A1-AMAZON-WALMART-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1GOOD-QUALITY-AND-MANY-HITS%E2%9A%A1-18-05-26%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  268. Sale of 23K fresh email access combo list mix
    Category: Combo List
    Content: A threat actor on Cracked.st is sharing a combo list marketed as 23K fresh mail access mix, containing email and password pairs. No specific victim organization or breach source is identified.
    Date: 2026-05-18T16:40:08Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-23K-FRESH-MAIL-ACCESS-MIX–2095819
    Screenshots:
    None
    Threat Actors: FetahosKR5
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  269. Combo List of 14,240 email:password credentials
    Category: Combo List
    Content: A combo list of approximately 14,240 semi-validated email and password credentials is being shared on the forum. The post markets the credentials as fresh with good line quality and some two-factor authentication coverage.
    Date: 2026-05-18T16:39:50Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-14-240-Semi-Valide-FA-Good-Line-Fresh
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  270. Sale of European mixed combo list with 11,523 credentials
    Category: Combo List
    Content: A threat actor shared a European mixed combo list containing 11,523 email and password combinations on a public forum. The list is described as private and full-access (FA). No specific victim organization or service is identified.
    Date: 2026-05-18T16:39:34Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-11-523-Private-FA-Europa-Mixed-Combolist
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  271. Combo List targeting Hotmail with 42.7 million alleged valid credentials
    Category: Combo List
    Content: A forum user shared a combo list titled 42,737K VALID HOTMAIL.txt on a cracking forum. The list allegedly contains approximately 42.7 million valid Hotmail credentials intended for credential stuffing. No additional details were available in the post content.
    Date: 2026-05-18T16:39:15Z
    Network: openweb
    Published URL: https://cracked.st/Thread-42-737K-VALID-HOTMAIL-txt
    Screenshots:
    None
    Threat Actors: VIVIABI
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  272. Sale of Google Gemini Ultra AI workflow guidance service
    Category: Services
    Content: A forum user is offering a 1-month AI workflow guidance service purportedly based on Google Gemini Ultra for $24.99. The service claims to provide prompting assistance, productivity support, and use-case guidance for writing, coding, and research tasks. No specific victim organization or compromised data is involved.
    Date: 2026-05-18T16:38:48Z
    Network: openweb
    Published URL: https://cracked.st/Thread-24-99-%E2%9C%85-Pro-AI-Power-for-Advanced-Workflows-%E2%80%93-Google-Gemini-Ultra-1-Month-Support
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  273. Sale of AI workflow support service on cybercrime forum
    Category: Services
    Content: A forum seller is offering a 2-month ChatGPT Business workflow support service for $24.99. The service includes AI prompting guidance, productivity use cases, and setup assistance. No threat activity or victim organization is identified.
    Date: 2026-05-18T16:38:32Z
    Network: openweb
    Published URL: https://cracked.st/Thread-24-99-%E2%9C%85-Scale-Smarter-with-AI-%E2%80%93-ChatGPT-Business-2-Month-Team-Workflow-Support
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  274. Hotmail combo list with 1,657 hits shared on forum
    Category: Combo List
    Content: A threat actor shared a combo list of 1,657 claimed valid Hotmail credentials on a cracking forum. The post markets the credentials as premium hits from a private cloud mix. Content is gated behind registration or login.
    Date: 2026-05-18T16:36:27Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1657x-premium-hotmail-hits-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: alphaaxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  275. Combo List Mix Targeting Yahoo and Gmail Accounts — India-Focused
    Category: Combo List
    Content: A threat actor shared a 250,000-line email:password combo list sourced from the K2T stealer, marketed as fresh and India-focused with a mix of Yahoo and Gmail credentials. The list is categorized for credential stuffing across multiple services including gaming, shopping, music, and social media platforms. The content is gated behind forum points or a reply requirement.
    Date: 2026-05-18T16:34:23Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-K2-INDIA-YAHOO-MIX-250k-fresh
    Screenshots:
    None
    Threat Actors: firstweekout
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  276. Hotmail combo list with 4.4K email/password pairs
    Category: Combo List
    Content: A threat actor shared a combo list of 4.4K Hotmail email and password pairs on a public forum. The credentials were made available via Anonfilesnew.
    Date: 2026-05-18T16:32:54Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-4-4K-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  277. Alleged Illegal Hacking Services Advertisement
    Category: Cyber Attack
    Content: A user is advertising illegal hacking services, including Telegram, mobile phones, websites, iCloud, email, IP cameras, Snapchat, LinkedIn, and Reddit account compromise. The user also offers stolen funds recovery services. Contact is provided via the Telegram handle @sureciphern__
    Date: 2026-05-18T16:32:40Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84336
    Screenshots:
    None
    Threat Actors: CIPHERN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  278. Free distribution of private stealer logs
    Category: Logs
    Content: A forum user shared a Mega.nz link purportedly containing private stealer logs. No details on victim count, origin, or contents were provided beyond the file link.
    Date: 2026-05-18T16:32:11Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-private-logs–20873
    Screenshots:
    None
    Threat Actors: glyn11
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  279. Sale of 502GB URL:Login:Pass stealer log collection with daily updates
    Category: Logs
    Content: A threat actor is offering 502GB of URL:user:password stealer logs via a Telegram channel, marketed as fresh with daily updates. The logs appear to be aggregated info-stealer output containing credentials across multiple sites and services.
    Date: 2026-05-18T16:30:21Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-URL-LOGIN-PASS-502GB-URL-USER-PASS-FRESH-LOGS-DAILY-UPDATE
    Screenshots:
    None
    Threat Actors: penter121
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  280. Combo List sample release targeting Hotmail accounts
    Category: Combo List
    Content: A threat actor on a cracking forum has shared a sample combo list of 1,190 Hotmail credentials. The post contains a download link with no additional context or pricing information.
    Date: 2026-05-18T16:28:32Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75687/
    Screenshots:
    None
    Threat Actors: HollowKnight07
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  281. Combo List: 4.1K Asia Valid Mail Access
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 4,100 valid mail access credentials associated with Asian targets, dated 18.05. The content is restricted to registered users of the forum.
    Date: 2026-05-18T16:28:14Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75688/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  282. Sale of mixed mail access combo list with 26K credentials
    Category: Combo List
    Content: A forum member is distributing a mixed mail access combo list containing approximately 26,000 credentials. The content is restricted to registered users of the forum. No specific victim organization or breach source is identified.
    Date: 2026-05-18T16:27:56Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75689/
    Screenshots:
    None
    Threat Actors: FAITHINUS
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  283. Sale of email/password combo lists for multiple countries
    Category: Combo List
    Content: A threat actor is distributing email and password combo lists covering multiple countries including Uzbekistan, Venezuela, Vietnam, Zimbabwe, and others. The credentials are being shared via Telegram channels and the forum post requires registration to access the download. No specific victim organization or record count is mentioned.
    Date: 2026-05-18T16:27:39Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75690/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  284. HDFC AMC Stock Declines 3.8% After Company Reports Cyberattack on IT Infra
    Category: Cyber Attack
    Content: HDFC Asset Management Company's stock fell 3.8% on Monday following the disclosure of a cyberattack on its IT infrastructure. The incident occurred on May 16 and the company is working to contain it. The stock decline came after the company was notified by an anonymous source. The incident is part of a broader increase in security risks facing India's financial sector.
    Date: 2026-05-18T16:15:03Z
    Network: openweb
    Published URL: https://www.freepressjournal.in/business/hdfc-amc-stock-declines-38-after-company-reports-cyberattack-on-it-infra
    Screenshots:
    None
    Threat Actors:
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: HDFC Asset Management Company
    Victim Site: hdfcfund.com
  285. Forum chatter: User inquiry about order status on darknet market Drughub
    Category: Chatter
    Content: A forum user posted on Dread asking about order processing times on the darknet marketplace Drughub. The post contains no threat content, exploit claims, or data breach information. It is general darknet market usage chatter.
    Date: 2026-05-18T16:12:54Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/ba6aa5b8a7e8e1c252a8
    Screenshots:
    None
    Threat Actors: Kalinka67 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  286. Combo List: European email:password combo list (14,767 records)
    Category: Combo List
    Content: A combo list of approximately 14,767 semi-validated European credentials in email:password format was shared on the forum. The post is categorized as a free release based on forum context. No specific victim organization is identified.
    Date: 2026-05-18T16:12:41Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-14-767-Semi-Valide-FA-Combolist-Europa-Good
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  287. Combo list of 1,700 UHQ mixed mail credentials shared
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 1,700 allegedly high-quality mixed email credentials on a cracking forum. The post title indicates these are email:password pairs marketed as UHQ (ultra-high quality). No additional details are available from the post content.
    Date: 2026-05-18T16:12:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1700-UHQ-MIX-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  288. Hotmail Combo List of 922,951 Lines
    Category: Combo List
    Content: A threat actor has shared a combo list containing 922,951 email:password lines targeting Hotmail.com accounts. The list is marketed as high quality and is likely intended for credential stuffing. No specific breach victim or organization is associated with this post.
    Date: 2026-05-18T16:12:02Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-922-951-Lines-%E2%9C%85-Hotmail-com-Combolist-HQ-LEaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  289. Alleged combo list of European mixed accounts (34,395 records)
    Category: Combo List
    Content: A combo list of 34,395 email:password pairs described as a Private FA Europa Mix was shared on a public forum. The list appears to target European accounts across mixed services. No specific breached organization is identified.
    Date: 2026-05-18T16:11:42Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-34-395-Private-FA-Europa-Mix-Combo
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  290. Sale of alleged cracked/shared game accounts for Forza Horizon 6 Premium Edition
    Category: Services
    Content: A forum seller is offering online activation of Forza Horizon 6 Premium Edition via private accounts, advertised as providing lifetime multiplayer access on PC. The listing appears to involve unauthorized account sharing or activation bypassing legitimate licensing. No specific breach victim or stolen dataset is identified.
    Date: 2026-05-18T16:11:12Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-Forza-Horizon-6-Premium-Edition-PC-Lifetime-Online-Private-Account–2095800
    Screenshots:
    None
    Threat Actors: darkmager4559
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  291. Sale of combo lists for credential stuffing across multiple targets
    Category: Combo List
    Content: A threat actor is offering combo lists for credential stuffing against user-specified target sites, advertising availability for any country. The service includes a free test before commitment and directs interested parties to a Telegram contact.
    Date: 2026-05-18T16:10:40Z
    Network: openweb
    Published URL: https://cracked.st/Thread-NFA-COMBO-UHQ-FOR-YOUR-TARGET-WITH-TEST-FIRST
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  292. Combo List of gaming-focused credentials (250,000 lines)
    Category: Combo List
    Content: A threat actor is distributing a combo list of 250,000 email:password pairs sourced from the K2T stealer, marketed as gaming-focused credentials. The list is available for free download upon forum reply or points payment. Credentials span multiple Hotmail domains and are labeled as a gaming and email mix.
    Date: 2026-05-18T16:10:03Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-K2-GAMING-MIX-250k
    Screenshots:
    None
    Threat Actors: firstweekout
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  293. Combo List of 250,000 Gmail Credentials Distributed on Forum
    Category: Combo List
    Content: A threat actor shared a combo list of 250,000 Gmail email:password pairs sourced from the K2T stealer, marketed as fresh. The list is described as containing credentials associated with gaming, Poland, and United Kingdom users, and is available for free download upon forum reply.
    Date: 2026-05-18T16:09:10Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-K2-GMAIL-MIX-250k-Fresh
    Screenshots:
    None
    Threat Actors: firstweekout
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  294. Sale of IMAP credential combo list
    Category: Combo List
    Content: A threat actor is selling approximately 3,000 IMAP credentials, including Hotmail and mixed accounts, advertised as private. The seller offers tiered pricing ranging from $7 for 3 days to $100 for lifetime access.
    Date: 2026-05-18T16:07:45Z
    Network: openweb
    Published URL: https://patched.to/Thread-3k-imap-by-blackcloversuppprt
    Screenshots:
    None
    Threat Actors: Dataseller
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  295. Combo List: 16K Mixed Mail Access Credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 16,000 claimed valid mixed mail access credentials. The content is gated behind forum registration or login. Credentials are marketed as high quality and fresh as of May 18.
    Date: 2026-05-18T16:07:29Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-16k-full-valid-mail-access-mix-top-quality-18-05
    Screenshots:
    None
    Threat Actors: CitronCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  296. Combo List of 388K French email credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 388,000 French email and password pairs via an anonymous file-sharing service. The credentials appear to be aggregated from multiple sources and are marketed for credential stuffing use.
    Date: 2026-05-18T16:07:22Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-388K-France-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  297. Sale of STORM Information Stealer Malware for Professionals
    Category: Malware
    Content: A threat actor operating under the alias StormStealer is advertising STORM, a C++-based information stealer marketed as a professional-grade tool. The malware features dynamic browser credential grabbing, server-side data processing, App-Bound Encryption bypass, and obfuscated builds compiled on Windows Server to evade detection. The stealer is offered as a service with a web panel, proxy bridge support, and per-build compilation.
    Date: 2026-05-18T16:06:44Z
    Network: openweb
    Published URL: https://hackforums.net/showthread.php?tid=6325632
    Screenshots:
    None
    Threat Actors: StormStealer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  298. Sale of corporate combo list with 2 million credentials
    Category: Combo List
    Content: A threat actor is distributing a corporate-themed combo list containing approximately 2 million credential pairs via a cracking forum and associated Telegram channels. The post advertises free combo lists and tools through external Telegram groups. No specific victim organization or breach source is identified.
    Date: 2026-05-18T16:05:00Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75683/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  299. Sale of fresh mix combolist with 74,581 lines
    Category: Combo List
    Content: A threat actor on CrackingX is sharing a mix combolist containing 74,581 lines, marketed as fresh. The content is restricted to registered users and promoted via a Telegram channel.
    Date: 2026-05-18T16:04:43Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75684/
    Screenshots:
    None
    Threat Actors: Browzchel
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  300. Distribution of stealer log pack (2.5GB+)
    Category: Combo List
    Content: A threat actor has shared a 2.5GB+ pack of stealer logs via Mega.nz, with the decryption password distributed through a Telegram channel. No specific victim organization or country is identified in the post.
    Date: 2026-05-18T16:04:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75685/
    Screenshots:
    None
    Threat Actors: maicolpg19
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  301. Free distribution of 8.8 million URL:Login:Password combo list
    Category: Combo List
    Content: A forum user has freely distributed a combo list containing approximately 8.8 million URL:login:password credential pairs. The post markets the content as high quality and is attributed to MetaCloud. No specific victim organization or breach source is identified.
    Date: 2026-05-18T15:49:12Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-8-8M-%E2%9A%A1-URL-LOGIN-PASS-HQ-%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  302. Combo List of 23,059 Fresh Credentials
    Category: Combo List
    Content: A combo list of 23,059 email:password credentials is being shared on a cracking forum. The post markets the credentials as fresh and full access (FA) quality. No specific victim organization or service is identified.
    Date: 2026-05-18T15:48:36Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-23-059-Private-FA-Good-Line-Fresh
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  303. Combo List of Hotmail credentials (600 entries)
    Category: Combo List
    Content: A threat actor shared a combo list of 600 Hotmail email and password pairs, marketed as UHQ (ultra-high quality). The post was made on a public cracking forum and no further details were available in the post content.
    Date: 2026-05-18T15:48:14Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-X4-600-UHQ-HOTMAIL-MAILS-ACCESS
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  304. Semi-valid European mix combo list with 11,570 credentials
    Category: Combo List
    Content: A combo list of approximately 11,570 semi-valid email:password credential pairs targeting European accounts was shared on a cracking forum. The list is described as a mixed European combo, likely intended for credential stuffing attacks.
    Date: 2026-05-18T15:47:54Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-11-570-Semi-Valide-FA-Europa-Mix-Combo
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  305. Hotmail credential combo list
    Category: Combo List
    Content: A threat actor shared a combo list of 160 claimed valid Hotmail credentials on a cracking forum. The post contains no additional details about the source or verification method of the credentials.
    Date: 2026-05-18T15:47:34Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-X160-HOTMAIL-VALID
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  306. Sale of DataCamp account or subscription access service
    Category: Services
    Content: A forum user is offering a $19.99 service advertised as 12-month DataCamp learning workflow support, likely representing unauthorized access to or resale of DataCamp subscription accounts. The post is listed under a cracking forum's products section and solicits contact via Telegram.
    Date: 2026-05-18T15:47:04Z
    Network: openweb
    Published URL: https://cracked.st/Thread-19-99-%E2%9C%85-Master-Data-Skills-All-Years-%E2%80%93-DataCamp-12-Month-Learning-Workflow-Support
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  307. Sale of German combo list with approximately 68,560 credentials
    Category: Combo List
    Content: A threat actor is sharing a high-quality mixed combo list of approximately 68,560 credentials targeting German users. The post advertises daily fresh supplies of 4K–12K credentials and markets the content as private and encrypted. Access requires engagement with the post.
    Date: 2026-05-18T15:44:04Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75681/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  308. Alleged combo list of 6.8K German email credentials
    Category: Combo List
    Content: A threat actor known as Kommander0 shared a combo list of approximately 6.8K German email credentials via an external file-sharing link. The post is categorized as a combolist targeting German mail access. No specific victim organization or breach source was identified.
    Date: 2026-05-18T15:43:48Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75682/
    Screenshots:
    None
    Threat Actors: Kommander0
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  309. Combo List of 314K Mixed Email/Password Credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 314,000 mixed email and password pairs via an external file-sharing link. The credentials appear to be aggregated from multiple sources and are not attributed to a specific organization or breach.
    Date: 2026-05-18T15:42:56Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-314K-Mixed-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  310. Combo List targeting gaming services with 48K credentials
    Category: Combo List
    Content: A threat actor has freely shared a combo list of approximately 48,000 email and password pairs purportedly targeting gaming services. The list was made available via an external file-sharing link. No specific victim organization or breach source was identified.
    Date: 2026-05-18T15:41:18Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Gaming-48K-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  311. Free combo list distributed via anonymous file hosting
    Category: Combo List
    Content: A threat actor on a dark web forum has distributed what is described as fresh credential data via an anonymous file hosting link. The post offers the content for free and appears to be sourced from a Telegram channel associated with onionbreach. No specific victim organization or record count is identified.
    Date: 2026-05-18T15:40:23Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-FREEBIES-FRESH-DATA-TODAY
    Screenshots:
    None
    Threat Actors: chechnyafsbc
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  312. Free combo list distribution
    Category: Combo List
    Content: A forum user is distributing a combo list for free on a darknet forum. No details about the target service, record count, or data origin are provided in the post.
    Date: 2026-05-18T15:39:47Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-GET-FREE-COMBO
    Screenshots:
    None
    Threat Actors: chechnyafsbc
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  313. Discord user lookup and activity tracking service offered for sale
    Category: Services
    Content: A threat actor is advertising Spectare, a Discord OSINT lookup tool available at specta.re, offering per-lookup pricing starting at $0.10 via cryptocurrency. The service indexes Discord user profiles, message history, server presence, voice activity, and username history from servers the operators' network has access to. No specific victim organization is identified; the service is marketed to forum members as a general-purpose surveillance and OSINT tool.
    Date: 2026-05-18T15:38:44Z
    Network: openweb
    Published URL: https://breached.st/threads/magnifying-glass-tilted-right-discord-lookup-tool-0-10-lookups.87311/unread
    Screenshots:
    None
    Threat Actors: kingstatustrue
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  314. Combo List of 3,960 Hotmail credentials
    Category: Combo List
    Content: A threat actor has shared a combo list of 3,960 claimed valid Hotmail credentials on a public forum. The post markets the content as UHQ MIX and references private cloud access. The content is hidden behind a registration/login wall.
    Date: 2026-05-18T15:27:55Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-x3960-valid-uhq-mix%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Roronoa04
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  315. Sale of mixed email access combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 3,265 mixed email access credentials on a cybercrime forum. The content is hidden behind a registration or login wall, limiting visibility into the specific email providers or data fields included.
    Date: 2026-05-18T15:27:39Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-3265x%E2%9A%A1mix-mail%E2%9A%A1access%E2%9A%A1
    Screenshots:
    None
    Threat Actors: redhat29x
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  316. Alleged defacement of leepoet.com by C10F./X404
    Category: Defacement
    Content: Indonesian defacer group C10F./X404 claims to have defaced multiple pages on nav.leepoet.com, including the main domain and several numbered error pages (401-405). The defacement was announced in the Rakyat Digital Crew channel.
    Date: 2026-05-18T15:20:42Z
    Network: telegram
    Published URL: https://t.me/c/3755871403/522
    Screenshots:
    None
    Threat Actors: C10F./X404
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: leepoet.com
    Victim Site: nav.leepoet.com
  317. Sale of European private combo list with 22,502 credentials
    Category: Combo List
    Content: A threat actor is distributing a private combo list of 22,502 email:password pairs purportedly sourced from European accounts. The list is marketed as full-access (FA) credentials. No specific victim organization or breach source is identified.
    Date: 2026-05-18T15:19:27Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-22-502-Private-FA-Combolist-Europa-Good
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  318. Combo list of 2.6 million mixed European credentials shared on cracking forum
    Category: Combo List
    Content: A threat actor on a cracking forum has shared a combo list of approximately 2.6 million email:password pairs sourced from France, Germany, the UK, and Poland, including corporate accounts. The credentials are marketed as a private base suitable for use against any target.
    Date: 2026-05-18T15:19:07Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A12-6M-FR-DE-CORP-MIX-UK-PL%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANY-TARGET%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  319. Combo list of 10,954 email:password credentials shared on cracking forum
    Category: Combo List
    Content: A combo list containing approximately 10,954 semi-valid email and password pairs was shared on a cracking forum. The credentials are marketed as fresh with good hit lines. No specific victim organization or targeted service is identified.
    Date: 2026-05-18T15:18:45Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-10-954-Semi-Valide-FA-Good-Line-Fresh
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  320. Sale of corporate business combo list with 70,238 records
    Category: Combo List
    Content: A forum user shared a combo list advertised as corporate business leads containing 70,238 email and password pairs. No specific victim organization or breach source was identified in the post.
    Date: 2026-05-18T15:18:24Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-70-238-Corp-Lead-Bussines-Combolist
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  321. Sale of 10K Spotify credential combo list
    Category: Combo List
    Content: A threat actor shared a link purportedly containing 10,000 Spotify user:password credential pairs on a public forum. The post is categorized as a combo list intended for credential stuffing against Spotify accounts.
    Date: 2026-05-18T15:16:30Z
    Network: openweb
    Published URL: https://breached.st/threads/user-pass-10k-spotify-private-combo.87310/unread
    Screenshots:
    None
    Threat Actors: supergirl
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  322. Alleged full access compromise of Bank Hapoalim (bankhapoalim.co.il)
    Category: Initial Access
    Content: A threat actor identified as MDGhost claims to have full access to Bank Hapoalim's systems, asserting real-time visibility into the bank's data. The actor provides Telegram and Session messenger contact details, suggesting the access may be available for sale or coordination. No further details on the extent of compromised data or methods used are provided.
    Date: 2026-05-18T15:15:46Z
    Network: openweb
    Published URL: https://breached.st/threads/bankhapoalim-co-il-full-access.87309/unread
    Screenshots:
    None
    Threat Actors: MDGhost
    Victim Country: Israel
    Victim Industry: Finance
    Victim Organization: Bank Hapoalim
    Victim Site: bankhapoalim.co.il
  323. Alleged data breach of multiple Serbian telecom providers including Telekom Srbija and Yettel Serbia
    Category: Data Leak
    Content: A threat actor operating under the alias RubiconH4ck claims to have leaked a database allegedly containing 72 million records from multiple Serbian telecommunications providers, including Telekom Srbija, Yettel Serbia, CETIN Serbia, A1 Serbia, SBB, Orion Telekom, and YUNET International. The leaked data fields include full names, national ID numbers (JMBG), addresses, mobile and fixed-line phone numbers, installation dates, service package details, and STB serial numbers. The data is being freel
    Date: 2026-05-18T15:14:40Z
    Network: openweb
    Published URL: https://breached.st/threads/72-millions-telecom-serbia-database-2025-2026.87308/unread
    Screenshots:
    None
    Threat Actors: RubiconH4ck
    Victim Country: Serbia
    Victim Industry: Telecommunications
    Victim Organization: Telekom Srbija, Yettel Serbia, CETIN Serbia, A1 Serbia, SBB, Orion Telekom, YUNET International
    Victim Site: telekomsrbija.com
  324. Alleged sale of mail account access and credential tools by DataxLogs
    Category: Initial Access
    Content: A threat actor operating under the handle DataxLogs is offering mail account access across multiple countries (France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, Japan) along with configs, scripts, tools, hits, and combolists. The actor warns of impersonators using similar usernames with single-letter changes.
    Date: 2026-05-18T15:06:36Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84295
    Screenshots:
    None
    Threat Actors: DataxLogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  325. Sale of credential search engine service with over 2 billion indexed credentials
    Category: Services
    Content: A threat actor is advertising Laika Search, a credential search engine offering access to over 2 billion indexed credentials. The platform supports domain, URL, email, username, and login:password queries across 40+ sources with real-time database updates every two minutes. The service is accessible via a subscription dashboard at laikasearch.tech.
    Date: 2026-05-18T15:06:00Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Laika-Search-%E2%80%94-Advanced-Credential-Search-Engine–2095743
    Screenshots:
    None
    Threat Actors: black444
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: laikasearch.tech
  326. Distribution of 6.3 million combo list lines
    Category: Combo List
    Content: A threat actor on Cracked.st is freely distributing a combo list of approximately 6.3 million URL:login:password (ULP) lines, marketed as private and fresh. The post claims the credentials are suitable for general-purpose credential stuffing.
    Date: 2026-05-18T15:05:39Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-%E3%80%8C-6-3-MILLIONS-%E3%80%8D%E2%9A%A1-ULP%E2%9A%A1-100-PRIVATE-LINES-%E2%9A%A1-GOOD-FOR-ANYTHING-%E2%9A%A1FRESH%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  327. Free release of 10 million URL:log:pass combo list mixing USA, UK, FR, DE, PL data
    Category: Combo List
    Content: A threat actor operating under the alias MetaCloud3 shared a combo list of approximately 10 million URL:log:pass credential pairs, purportedly sourced from the United States, United Kingdom, France, Germany, and Poland. The dataset was made available for free on a cracking forum. No specific victim organization is identified.
    Date: 2026-05-18T15:05:18Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-%E2%AD%90-10-MILLION-URL-LOG-PASS%E2%AD%90-16-05-2026-%E2%AD%90-USA-UK-FR-DE-PL-MIX
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  328. Combo list of 6.6 million ULP credentials shared on cracked.st
    Category: Combo List
    Content: A threat actor known as MetaCloud3 has made available a combo list containing approximately 6.6 million username:password:login (ULP) credential pairs, described as 100% private lines. The post was published on cracked.st on May 18 and claims the data is newly released.
    Date: 2026-05-18T15:04:58Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-%E3%80%8C-6-6-MILLIONS-%E3%80%8D%E2%9A%A1-ULP%E2%9A%A1-100-PRIVATE-LINES-%E2%9A%A1-NEW-18-05%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  329. Sale of Hotmail combo list with 1.4 million credentials
    Category: Combo List
    Content: A threat actor is offering a combo list of 1.4 million Hotmail email and password combinations, claimed to be from a private base. The post advertises the credentials as suitable for credential stuffing against any target.
    Date: 2026-05-18T15:04:24Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A11-4M-HOTMAIL-USA%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANY-TARGET%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  330. Combo List: Poland and Italy Email Access Mix
    Category: Combo List
    Content: A threat actor is distributing a mix of approximately 1,300 email credentials allegedly sourced from Poland and Italy. The post claims the data was previously shared in private groups 4–7 days before public release.
    Date: 2026-05-18T15:04:04Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8%E2%9D%87%EF%B8%8F1-3k-POLAND-ITLAY-MAIL-ACCESS-MIX%E2%9D%87%EF%B8%8F%E2%9C%A8-17-05
    Screenshots:
    None
    Threat Actors: SecureTrax
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  331. Sale of private email access combo list with 55,004 records
    Category: Combo List
    Content: A combo list advertised as containing 55,004 private email and password credentials with full access (FA) was shared on a cracking forum. No additional details are available from the post content.
    Date: 2026-05-18T15:03:45Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-55-004-Private-FA-Mail-Access-Combolist
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  332. Sale of crypto-targeted Gmail combo list with 591,590 credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 591,590 email:password lines purportedly targeting cryptocurrency platforms. The credentials are Gmail-based and marketed for use in credential stuffing against crypto services. No specific victim organization or breach source is identified.
    Date: 2026-05-18T15:03:29Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-591-590-Lines-%E2%9C%85-Crypto-target-Combolist-Gmail
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  333. Sale of Hotmail credential hits combo list
    Category: Combo List
    Content: A threat actor is distributing 364 Hotmail credential hits on a cracking forum. The post offers a download link for the combo list, marketed as premium hits. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-18T15:03:10Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-364x-PREMIUM-HOTMAILS-HITS-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: VALID_HITS99
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  334. Sale of Telegram TData session files
    Category: Logs
    Content: A forum user is offering 12 Telegram TData session files, including one labeled as premium, via hidden content accessible to registered members. TData files contain Telegram session tokens that allow unauthorized access to the associated accounts without requiring credentials or 2FA.
    Date: 2026-05-18T15:03:05Z
    Network: openweb
    Published URL: https://patched.to/Thread-12x-valid-tdata-files-x1-premium
    Screenshots:
    None
    Threat Actors: R0BIN1337
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  335. Sale of corporate email:password combo list with 2.23 million records
    Category: Combo List
    Content: A threat actor on a cracking forum is distributing a combo list marketed as corporate email and password pairs totalling 2.23 million records. The post claims the data is private and of good quality with many valid hits. No specific victim organization or breach source is identified.
    Date: 2026-05-18T15:02:53Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-2-23M-%E3%80%8D%E2%9A%A1-CORP-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1GOOD-QUALITY-AND-MANY-HITS%E2%9A%A1-18-05-26%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  336. Combo List of 2.2 million US-targeted email:password credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 2.2 million email:password credentials allegedly targeting United States users. The post markets the list as sourced from a private base and suitable for credential stuffing against any target. No specific victim organization or breach source is identified.
    Date: 2026-05-18T15:02:31Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A12-2M-COUNTRY-TARGET-USA%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANY-TARGET%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  337. Reddit combo list with 2.1 million credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 2.1 million credentials marketed as useful for credential stuffing against Reddit. The post claims the data is private and of high quality with many valid hits.
    Date: 2026-05-18T15:02:24Z
    Network: openweb
    Published URL: https://patched.to/Thread-streaming-%E3%80%8C-2-1m-%E3%80%8D%E2%9A%A1-reddit-%E2%9A%A1-100-private-data-%E2%9A%A1good-quality-and-many-hits%E2%9A%A1-18-05-26%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  338. Alleged combo list targeting European accounts with 22,953 credentials
    Category: Combo List
    Content: A threat actor shared a combo list marketed as private and FA (full access) containing 22,953 email:password pairs purportedly targeting European accounts. The post was made available on a public combolist forum. No specific victim organization or service is identified.
    Date: 2026-05-18T15:02:09Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-22-953-Private-FA-Combolist-Europa-Good
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  339. Combo list marketed as 1.7 million PayPal credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 1.7 million credentials marketed as suitable for use against PayPal and other targets. The post describes the data as a private base and is shared via hidden content requiring forum registration. The author also advertises a commercial combo cloud service.
    Date: 2026-05-18T15:01:56Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9A%A11-7m-paypal%E2%9A%A1private-base-good-on-any-target%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  340. Combo List targeting Hotmail accounts
    Category: Combo List
    Content: A forum user shared what appears to be an email:password combo list targeting Hotmail accounts. No record count or additional details were provided in the post.
    Date: 2026-05-18T15:01:52Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-hotmail–2095760
    Screenshots:
    None
    Threat Actors: FlightUSA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  341. Sale of combo list targeting XNXX with 1.4 million credentials
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 1.4 million credentials marketed as targeting XNXX, described as private data with many hits. The post is associated with a self-advertised combo cloud service and requires forum registration to access the hidden content.
    Date: 2026-05-18T15:01:28Z
    Network: openweb
    Published URL: https://patched.to/Thread-porn-%E3%80%8C-1-4m-%E3%80%8D%E2%9A%A1-xnxx-%E2%9A%A1-100-private-data-%E2%9A%A1good-quality-and-many-hits%E2%9A%A1-18-05-26%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  342. Sale of UHQ Outlook combo list with 90,000 credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of 90,000 Outlook credentials marketed as fresh and high quality. The post is sponsored by an external service. Outlook is the credential-stuffing target, not the breach victim.
    Date: 2026-05-18T15:01:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-90K-UHQ-OUTLOOK-COMBO-FRESH–2095764
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  343. Sale of UHQ Yahoo combo list with 115K credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list advertised as 115,000 UHQ Yahoo credentials marketed as fresh. The post is sponsored by slateaio.com, suggesting use with credential-stuffing tools. Yahoo is the targeted service, not the breach source.
    Date: 2026-05-18T15:01:05Z
    Network: openweb
    Published URL: https://cracked.st/Thread-115K-UHQ-YAHOO-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  344. Sale of SendGrid SMTP credentials with API keys
    Category: Services
    Content: A threat actor is selling SendGrid SMTP credentials paired with API keys, advertised as having a 50,000 sending limit, zero spam rate, and paid plan status. The seller claims fresh daily stock and directs buyers to a Telegram channel for updates and purchases. These resources are commonly used for phishing and spam campaigns.
    Date: 2026-05-18T15:01:00Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75665/
    Screenshots:
    None
    Threat Actors: imi_jav1995
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  345. Sale of 2.4 million Roblox-themed combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 2.4 million credentials marketed as a private base suitable for credential stuffing against Roblox and other targets. The post advertises the data as part of a broader combo cloud service offering.
    Date: 2026-05-18T15:00:54Z
    Network: openweb
    Published URL: https://patched.to/Thread-gaming-%E2%9A%A12-4m-roblox%E2%9A%A1private-base-good-on-any-target%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  346. Sale of 500K UHQ Mixed Mail Combo List
    Category: Combo List
    Content: A threat actor is sharing a combo list of 500,000 mixed email credentials marketed as fresh and high quality. The post is sponsored by an external service and distributed via a cracking forum.
    Date: 2026-05-18T15:00:48Z
    Network: openweb
    Published URL: https://cracked.st/Thread-500K-UHQ-MIXED-MAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  347. Sale of web hacking and SQL injection services
    Category: Services
    Content: A forum post advertises web hacking and SQL injection services, directing interested parties to a Telegram account. No specific victim or technical details are provided.
    Date: 2026-05-18T15:00:42Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75671/
    Screenshots:
    None
    Threat Actors: tanveer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  348. Combo List: Worldwide Hotmail credential lines
    Category: Combo List
    Content: A threat actor is distributing a combo list of Hotmail credentials marketed as fresh and high quality. The post was shared on a public cracking forum with content accessible via spoiler tag. No record count or additional details were provided in the visible post content.
    Date: 2026-05-18T15:00:29Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%A8-FRESH-WORLDWIDE-HQ-HOTMAIL-LINES-18-05-26-02-%E2%9C%A8
    Screenshots:
    None
    Threat Actors: Lulpab
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  349. Sale of combo list targeting FetLife and Chaturbate users
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 3.7 million credentials marketed as targeting FetLife and Chaturbate users. The post advertises the data as high quality with many hits and describes it as private data. The content is gated behind registration or login on the forum.
    Date: 2026-05-18T15:00:23Z
    Network: openweb
    Published URL: https://patched.to/Thread-porn-%E3%80%8C-3-7m-%E3%80%8D%E2%9A%A1fetlife-chaturbate%E2%9A%A1-100-private-data-%E2%9A%A1good-quality-and-many-hits%E2%9A%A1-18-05-26%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  350. Sale of Hotmail combo list with 230,000 credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of 230,000 Hotmail credentials marketed as fresh and high quality. The list is intended for credential stuffing against Hotmail accounts. The post is sponsored by vows.solutions.
    Date: 2026-05-18T15:00:09Z
    Network: openweb
    Published URL: https://cracked.st/Thread-230K-UHQ-HOTMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  351. Sale of HQ Mix Combo List
    Category: Combo List
    Content: A threat actor is distributing a combo list marketed as HQ Mix containing approximately 3,227 credential pairs. The post claims a daily supply of 4K–12K fresh credentials available through a private members-only network. The list is advertised as optimized for credential stuffing.
    Date: 2026-05-18T15:00:01Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75664/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  352. Germany mail access combo list (11K)
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 11,000 German mail access credentials. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-18T14:59:51Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%9011k-germany-mail-access-%E2%AD%90
    Screenshots:
    None
    Threat Actors: XLM
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  353. Combo List: 40,544 Mixed Credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 40,544 email:password credential pairs described as mixed goods on a cracking forum. The post includes an external image link, likely showing a preview of the data. No specific victim organization or service is identified.
    Date: 2026-05-18T14:59:46Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-40-544-Good-MIXED-GOODS-18-05-26
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  354. Sale of combo list targeting French email and social/shopping services
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 3 million credentials purportedly sourced from French email providers (Hotmail FR, Yahoo FR, Orange FR) and social/shopping platforms. The list is being shared via Telegram channels and a cracking forum. No specific breach victim is identified; the named services are credential-stuffing targets.
    Date: 2026-05-18T14:59:40Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75670/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  355. Free combo list distribution — URL:Log:Pass format, 8+ million lines (Part 351)
    Category: Combo List
    Content: A threat actor on a cybercrime forum has shared a free combo list in URL:Log:Pass format containing over 8 million lines, labeled as Part 351 of an ongoing series. The content is gated behind forum registration or login. No specific victim organization or breach source is identified.
    Date: 2026-05-18T14:59:32Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-351
    Screenshots:
    None
    Threat Actors: lexityfr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  356. Sale of Hotmail combo list by threat actor s2lender
    Category: Combo List
    Content: Threat actor s2lender is offering a combo list of approximately 163 high-quality Hotmail credentials on a cracking forum. The post advertises daily supplies of 4K–12K fresh credentials through a private members-only network. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-18T14:59:22Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75674/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  357. Sale of mixed email combo list by NightFallCloud
    Category: Combo List
    Content: A threat actor operating as NightFallCloud is distributing a mixed email combo list marketed as fresh, containing approximately 5.4 million lines. The post claims 10,000–20,000 new lines are added daily, with content including Hotmail combos and mixed credentials. Access to the list requires registration or login on the forum.
    Date: 2026-05-18T14:59:18Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9A%A15400k-mixmail-uhq-nightfall-cloud
    Screenshots:
    None
    Threat Actors: NightFallCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  358. Sale of Apple One subscription setup support service on cracking forum
    Category: Services
    Content: A forum seller is offering a paid service for $119.99 marketed as Apple One 12-month subscription workflow and setup guidance covering Apple Music, Apple TV+, Apple Arcade, and iCloud+. The listing is posted on a cracking forum and appears to facilitate unauthorized or shared Apple subscription access under the guise of setup support. No specific victim organization or breach is involved.
    Date: 2026-05-18T14:59:09Z
    Network: openweb
    Published URL: https://cracked.st/Thread-119-99-%E2%9C%85-Enjoy-the-Apple-Ecosystem-All-Years-%E2%80%93-Apple-One-12-Month-Setup-Support–2095713
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  359. Sale of JetBrains Developer Pack 1-Year subscription at discounted price
    Category: Services
    Content: A forum seller is offering a 1-year JetBrains Developer Pack for $14.99, advertised as providing workflow guidance, IDE setup support, and coding productivity assistance. The listing is marketed toward developers, students, and freelancers. No specific victim organization or breach is associated with this post.
    Date: 2026-05-18T14:58:53Z
    Network: openweb
    Published URL: https://cracked.st/Thread-14-99-%E2%9C%85-Build-Better-Software-%E2%80%93-JetBrains-Developer-Pack-1-Year–2095719
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  360. Combo List: Mixed credentials distributed by D4rkNetHub
    Category: Combo List
    Content: A threat actor operating under the alias D4rkNetHub has shared a combo list of approximately 40,544 mixed credentials via a hidden link on a combolist forum. The post is gated behind registration or login and includes an image preview. No specific victim organization or breach source is identified.
    Date: 2026-05-18T14:58:47Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-40-544-good-mixed-goods-d4rknethub-cloud-18-05-26
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  361. Sale of Figma Pro design workflow support service
    Category: Services
    Content: A forum user is offering a 1-year Figma Pro design workflow guidance service for $14.99. The listing covers UI/UX design support, prototyping, wireframing, and collaboration tips. No threat activity or victim organization is associated with this post.
    Date: 2026-05-18T14:58:37Z
    Network: openweb
    Published URL: https://cracked.st/Thread-14-99-%E2%9C%85-Design-Smarter-All-Years-%E2%80%93-Figma-Pro-1-Year-Creative-Workflow-Support–2095726
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  362. Sale of AI workflow guidance service on cybercrime forum
    Category: Services
    Content: A forum user is offering AI workflow guidance and productivity support services for $150, marketed as ChatGPT Pro 20X Workflow Support. The service claims to provide prompting tips, coding assistance, and productivity setup help. No victim organization or threat activity is present in this post.
    Date: 2026-05-18T14:58:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-150-%E2%9C%85-Elite-AI-Acceleration-for-Power-Users-%E2%80%93-ChatGPT-Premium-20X-Workflow-Support–2095730
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  363. Sale of HQ Hotmail combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 1,567 HQ Hotmail credentials on a cybercrime forum. The post advertises a daily supply of 4,000–12,000 fresh credentials marketed as untouched and optimized for credential stuffing. Content is gated behind forum registration or login.
    Date: 2026-05-18T14:58:17Z
    Network: openweb
    Published URL: https://patched.to/Thread-1567x-hq-hotmail-by-s2lender-txt
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  364. Sale of DataCamp DataLab account or subscription access on cracking forum
    Category: Services
    Content: A forum user is selling what is advertised as 3-month DataCamp DataLab workflow support for $19.99. The listing is posted on a cracking forum and likely involves unauthorized or shared account access to DataCamp services rather than legitimate resale. The seller promotes it as suitable for data analysts, students, and developers.
    Date: 2026-05-18T14:58:02Z
    Network: openweb
    Published URL: https://cracked.st/Thread-19-99-%E2%9C%85-Analyze-Data-Smarter-%E2%80%93-DataCamp-DataLab-3-Month-Notebook-Workflow-Support
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  365. Sale of UHQ valid mail combo list
    Category: Combo List
    Content: A forum user is sharing a combo list advertised as 256 UHQ (ultra-high quality) valid email credentials. The content is hidden behind a registration or login wall. No specific victim organization or breach source is identified.
    Date: 2026-05-18T14:57:52Z
    Network: openweb
    Published URL: https://patched.to/Thread-256x-uhq-valid-mail
    Screenshots:
    None
    Threat Actors: randiman11
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  366. Sale of allegedly unauthorized Headspace 1-year subscription access
    Category: Services
    Content: A forum user is selling what is advertised as a 1-year Headspace subscription for $19.99, significantly below the standard retail price. The listing is likely selling unauthorized or cracked account access under the guise of wellness workflow guidance. No victim organization or dataset is identified.
    Date: 2026-05-18T14:57:46Z
    Network: openweb
    Published URL: https://cracked.st/Thread-19-99-%E2%9C%85-Build-a-Calmer-Daily-Routine-%E2%80%93-Headspace-1-Year-Mindfulness-Support
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  367. Sale of Duolingo Super study workflow guidance service
    Category: Services
    Content: A forum user is offering a $19.99 service providing Duolingo Super-style language learning workflow guidance for a 12-month period. The listing includes study planning, daily practice tips, and progress tracking support. No threat activity or victim organization is identified.
    Date: 2026-05-18T14:57:31Z
    Network: openweb
    Published URL: https://cracked.st/Thread-19-99-%E2%9C%85-Learn-Languages-Faster-%E2%80%93-Duolingo-Super-12-Month-Study-Workflow-Support
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  368. Sale of discounted ChatGPT Plus subscriptions on cracking forum
    Category: Services
    Content: A forum user is offering ChatGPT Plus one-year subscriptions at $120, half the stated retail price of $240, via direct message. The listing advertises full access to GPT-4o features. The nature of the discounted access — whether via compromised accounts or unofficial resale — is not disclosed.
    Date: 2026-05-18T14:57:05Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%A8%E2%9C%A8%E2%9C%A8ChatGPT-Plus-%E2%80%93-AI-Assistant-1-Year-ChatGPT-changed-that-%E2%9A%A1%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  369. Sale of discounted Perplexity Pro subscription access
    Category: Services
    Content: A forum seller is offering Perplexity Pro one-year subscription access for $25, significantly below the retail price of $200. The post advertises AI-powered search features and instructs buyers to DM for account access. The nature of the discounted access (shared, cracked, or otherwise unauthorized accounts) is not explicitly stated.
    Date: 2026-05-18T14:56:49Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8FPerplexity-Pro-%E2%80%93-AI-Powered-Search-1-Year-fully-transparent%E2%9A%A1%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  370. Sale of SendGrid SMTP credentials with API keys
    Category: Services
    Content: A threat actor is offering SendGrid SMTP accounts with API keys for sale, advertising a 50,000 sending limit, inbox delivery, zero spam rate, and paid-plan status. The seller claims fresh daily stock and directs buyers to contact via Telegram. These credentials are likely compromised accounts intended for spam or phishing campaign abuse.
    Date: 2026-05-18T14:56:20Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Selling-sendgrid-SMTP-KEY-Inbox-Tested
    Screenshots:
    None
    Threat Actors: imi_jav1995
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  371. Money mule recruitment for German online banking account acquisition
    Category: Chatter
    Content: A forum user is recruiting individuals in Germany to open and hand over verified online banking accounts (N26, Bunq) with German IBANs and phone numbers. The actor offers to purchase fully verified accounts, indicating a money mule or financial fraud operation.
    Date: 2026-05-18T14:54:10Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/e8933120a28d2aa0a112
    Screenshots:
    None
    Threat Actors: swapper007 P sippieswappieswop
    Victim Country: Germany
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  372. Alleged data breach of VIP Universal Medical Insurance Group Inc (VUMI)
    Category: Data Breach
    Content: A threat actor claims to be selling a database exfiltrated from VIP Universal Medical Insurance Group Inc (VUMI) following a ransomware attack and failed ransom negotiations. The alleged dataset includes PII with Social Security numbers, passport documents, and W-9 forms for approximately 300,000 insured individuals and 25,000 staff, partners, and agents. The actor threatens to release the data for free within a week and has included purported court filings and negotiation correspondence as proo
    Date: 2026-05-18T14:53:08Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-USA-VIP-Universal-Medical-Insurance-Group-Inc
    Screenshots:
    None
    Threat Actors: kalabaz
    Victim Country: United States
    Victim Industry: Healthcare
    Victim Organization: VIP Universal Medical Insurance Group Inc
    Victim Site: vumigroup.com
  373. Website Defacement of Invincible Worldwide by Threat Actor Zod
    Category: Defacement
    Content: On May 18, 2026, threat actor Zod defaced a page on invincibleworldwide.com, targeting the URL https://invincibleworldwide.com/zod.html. The attack was a targeted single-page defacement hosted on cloud-based infrastructure. No specific motive or proof of concept was disclosed in association with this incident.
    Date: 2026-05-18T14:50:51Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249377
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Business Services
    Victim Organization: Invincible Worldwide
    Victim Site: invincibleworldwide.com
  374. Alleged data breach of BitBox hardware wallet
    Category: Data Breach
    Content: A threat actor is offering data allegedly sourced from BitBox, a hardware cryptocurrency wallet provider. The dataset reportedly includes personal information such as email addresses, names, phone numbers, IP addresses, job titles, and order-related details. The actor is directing interested parties to a Telegram channel for purchase inquiries.
    Date: 2026-05-18T14:50:12Z
    Network: openweb
    Published URL: https://altenens.is/threads/bitbox-hardware-wallet-data.2942315/unread
    Screenshots:
    None
    Threat Actors: farihaarpita590
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: BitBox
    Victim Site: bitbox02.io
  375. Mass Website Defacement of zameen365.com by Threat Actor Zod
    Category: Defacement
    Content: On May 18, 2026, threat actor Zod operating under the team name Zod conducted a mass defacement attack targeting zameen365.com, a real estate-related website. The defacement was recorded at the URL https://zameen365.com/zod.html and is classified as a mass defacement incident rather than a homepage defacement. A mirror of the defacement was archived at haxor.id.
    Date: 2026-05-18T14:49:19Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249380
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Real Estate
    Victim Organization: Zameen365
    Victim Site: zameen365.com
  376. 40K Fresh Germany Mail Access Combo List
    Category: Combo List
    Content: A threat actor shared a combo list of 40,000 alleged German mail access credentials, dated 18.05. The list is gated behind a reply requirement and marketed as fresh.
    Date: 2026-05-18T14:49:12Z
    Network: openweb
    Published URL: https://altenens.is/threads/40k-fresh-germany-mail-access-18-05.2942324/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  377. Combo List: Mix Mail Access (1,900 credentials)
    Category: Combo List
    Content: A forum member is sharing a combo list of approximately 1,900 mixed email and password credentials. The content is hidden behind a registration/login wall. No specific victim organization or breach source is identified.
    Date: 2026-05-18T14:48:48Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-1900x-MIX-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: MeiMisakix
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  378. Hotmail combo list shared on leak forum
    Category: Combo List
    Content: A threat actor is distributing a Hotmail combo list described as private and fresh, checked by the author. Content is hidden behind a registration/login gate on the forum. No record count or sample data is visible.
    Date: 2026-05-18T14:48:26Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1HOTMAIL%E2%9A%A1%E2%9A%A1PRIVATE%E2%9A%A1%E2%9A%A1FRESH%E2%9A%A1%E2%9A%A1CHEKED-BY-klyne05-%E2%9A%A1%E2%9A%A1–20862
    Screenshots:
    None
    Threat Actors: klyne05
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  379. Combo List: Hotmail credentials (415 lines)
    Category: Combo List
    Content: A forum user is distributing a combo list of 415 Hotmail credentials behind a registration/login gate. The content is hidden and accessible only to registered forum members. No breach source or origin is specified.
    Date: 2026-05-18T14:47:59Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-415x%E2%9A%A1HOTMAIL%E2%9A%A1ACCESS%E2%9A%A1
    Screenshots:
    None
    Threat Actors: RedHat29x
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  380. Mass Defacement of Fitness Business Website by Threat Actor Zod
    Category: Defacement
    Content: Threat actor Zod conducted a mass defacement campaign targeting the fitness business website 3P Fitness by Sanmati, defacing the page located at /zod.html on May 18, 2026. The incident is classified as a mass defacement, suggesting multiple sites were targeted as part of the same operation. The defacement was archived and mirrored via haxor.id.
    Date: 2026-05-18T14:47:31Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249379
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Health & Fitness
    Victim Organization: 3P Fitness by Sanmati
    Victim Site: 3pfitnessbysanmati.com
  381. Combo List: HQ Hotmail Credentials (1,428 entries)
    Category: Combo List
    Content: A user on a combo list forum shared a set of 1,428 purportedly high-quality Hotmail credentials. The content is hidden behind a registration or login gate. No specific breach victim or organization is identified.
    Date: 2026-05-18T14:47:25Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-X1428-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: stevee
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  382. Sale of MixMail fresh UHQ combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 1,800 mixed email credentials marketed as fresh and UHQ (ultra-high quality). The content is hidden behind a forum registration/login wall and is associated with a channel called GoodTimes Cloud.
    Date: 2026-05-18T14:47:03Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-%E2%8E%9D-1800-%E2%8E%A0-MIXMAIL-FRESH-UHQ%E2%9C%A8GOODTIMES-CLOUD
    Screenshots:
    None
    Threat Actors: Lexser
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  383. Mix unique combo list with 429,000 records
    Category: Combo List
    Content: A mix unique combo list containing approximately 429,000 credential pairs has been shared on a leak forum as hidden content, accessible to registered members. No specific victim organization or service is identified in the post.
    Date: 2026-05-18T14:46:42Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-MIX-Unique-Combo-3-429000
    Screenshots:
    None
    Threat Actors: UniqueComb
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  384. Website Defacement of Batery88 by Threat Actor Zod
    Category: Defacement
    Content: The website batery88.com was defaced by a threat actor operating under the alias Zod on May 18, 2026. The attacker targeted a specific page (zod.html) on what appears to be a battery or electronics retail website hosted on cloud infrastructure. The incident was a targeted single-page defacement, with a mirror of the defaced content archived at haxor.id.
    Date: 2026-05-18T14:46:19Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249378
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: E-commerce / Retail
    Victim Organization: Batery88
    Victim Site: batery88.com
  385. Alleged data breach of Inspektorat Pandeglang Kabupaten
    Category: Data Breach
    Content: A threat actor posted what is claimed to be a database dump from Inspektorat Pandeglang Kabupaten, an Indonesian regional government inspectorate. The post was shared on a known data breach forum. No further details regarding record count or data fields are visible in the post.
    Date: 2026-05-18T14:44:16Z
    Network: openweb
    Published URL: https://breached.st/threads/database-inspektorat-pandeglang-kab-go-id.87305/unread
    Screenshots:
    None
    Threat Actors: Mr.ZeroPhx100
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Inspektorat Pandeglang Kabupaten
    Victim Site: inspektorat.pandeglangkab.go.id
  386. Free distribution of combo list via Telegram channel
    Category: Combo List
    Content: A threat actor using the handle zoood has freely distributed a combo list labeled VIP ULP via a Pixeldrain link. The password for the archive is gated behind a Telegram channel. No specific victim organization or record count is disclosed.
    Date: 2026-05-18T14:43:47Z
    Network: openweb
    Published URL: https://breached.st/threads/vip-ulp-by-hello_zod_bot.87307/unread
    Screenshots:
    None
    Threat Actors: zoood
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  387. Website Defacement of MIASS Homadiyah School by Ushiromiya
    Category: Defacement
    Content: On May 18, 2026, a threat actor operating under the alias Ushiromiya defaced a web management page belonging to MIASS Homadiyah, an Indonesian educational institution. The attack targeted a subdomain of the school's website running on a Linux-based server. The incident was recorded as a single-target defacement, not part of a mass defacement campaign.
    Date: 2026-05-18T14:40:26Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249376
    Screenshots:
    None
    Threat Actors: Ushiromiya, Ushiromiya
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: MIASS Homadiyah School
    Victim Site: cobaspp.miasshomadiyah.sch.id
  388. Alleged sale of mail account access with credentials and tools
    Category: Initial Access
    Content: Threat actor offering mail access with live proof and testing capabilities across multiple countries (FR, BE, AU, CA, UK, US, NL, PL, DE, JP). Seller claims to provide configs, scripts, tools, hits, and combolists. Contact via @EngineeringPhantom.
    Date: 2026-05-18T14:20:05Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84264
    Screenshots:
    None
    Threat Actors: EngineeringPhantom
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  389. Forum chatter post with no actionable content
    Category: Chatter
    Content: A forum post from user HugBunter on Dread contained no actionable content. No threat intelligence could be extracted.
    Date: 2026-05-18T14:12:30Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/fd7eb6f01ec93e71d8a5/?context=34a4175b09abbe2575#c-8586da25a2912f5ff3
    Screenshots:
    None
    Threat Actors: HugBunter
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  390. Alleged data breach of Uruguay government identity databases by lapampaleaks
    Category: Data Breach
    Content: Threat actor lapampaleaks claims to have accessed Uruguayan government databases including the TuID (digital identity system) and other government systems, extracting citizen identity information. Attackers published sample data from political officials as proof of access.
    Date: 2026-05-18T14:00:18Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21797
    Screenshots:
    None
    Threat Actors: lapampaleaks
    Victim Country: Uruguay
    Victim Industry: Government
    Victim Organization: Government of Uruguay
    Victim Site: Unknown
  391. Alleged chain of vulnerabilities in OpenClaw enabling sandbox escape and host compromise
    Category: Vulnerability
    Content: Four chained vulnerabilities discovered in OpenClaw that could be exploited to escape sandbox environments, escalate privileges, and deploy backdoors on host systems. The vulnerabilities expose sensitive data and over 60,000 public instances were reportedly at risk. Security patches have been released.
    Date: 2026-05-18T13:53:24Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21796
    Screenshots:
    None
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: OpenClaw
    Victim Site: Unknown
  392. Forum chatter post with no actionable threat content
    Category: Chatter
    Content: A forum post on Dread by user DrugHub contains no actionable content. The post appears to be a user-to-user dispute or follow-up message with no threat intelligence value.
    Date: 2026-05-18T13:51:31Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/3cf58dc5ea239a1c026a/?context=64819545c7d6fbfb90#c-64819545c7d6fbfb90
    Screenshots:
    None
    Threat Actors: DrugHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  393. Alleged sale of mail access credentials and infostealer logs across multiple countries
    Category: Logs
    Content: Threat actor advertising mail access credentials available for multiple countries (FR, BE, AU, CA, UK, US, NL, PL, DE, JP). Also offering configs, scripts, tools, hits, and combo lists. Contact via @Dataxlogs on Telegram.
    Date: 2026-05-18T13:49:43Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84252
    Screenshots:
    None
    Threat Actors: DataxLogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  394. Alleged sale of RDP access and compromised email accounts
    Category: Initial Access
    Content: Threat actor offering rental access to RDP servers hosted on Azure, AWS, and DigitalOcean for daily/monthly rates ($200 mentioned). Also advertising compromised email accounts (domain mail, Gmail, Yahoo), GitHub Student accounts, and various subscription services (ChatGPT Plus, Claude, ElevenLabs Creator Plan). Services offered with escrow protection.
    Date: 2026-05-18T13:32:29Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84240
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  395. Alleged data leak of University of Nicosia (unic.ac.cy)
    Category: Data Leak
    Content: A threat actor has freely shared what is claimed to be user data belonging to the University of Nicosia (unic.ac.cy) via an external file-sharing link. The post provides no further details on the nature or volume of the data included.
    Date: 2026-05-18T13:23:41Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-unic-ac-cy-some-users-data
    Screenshots:
    None
    Threat Actors: karahanli31
    Victim Country: Cyprus
    Victim Industry: Education
    Victim Organization: University of Nicosia
    Victim Site: unic.ac.cy
  396. Sale of 25K mixed email access combo list
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 25,000 mixed email access credentials via an external file-hosting link. The list was posted on a cracking forum under the combolists and dumps section.
    Date: 2026-05-18T13:23:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75663/
    Screenshots:
    None
    Threat Actors: Kommander0
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  397. Alleged data breach of Trésor Public Finance
    Category: Data Breach
    Content: A forum post in the Databases section references Trésor Public Finance, suggesting a potential database breach or leak of the French public treasury. No post content is available to confirm details, scope, or data types involved.
    Date: 2026-05-18T13:23:00Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Tr%C3%A9sor-Public-Finance
    Screenshots:
    None
    Threat Actors: loveforbreachforums
    Victim Country: France
    Victim Industry: Finance
    Victim Organization: Trésor Public
    Victim Site: tresor-public.fr
  398. Sale of credential stuffing config for Glovo
    Category: Combo List
    Content: A threat actor is selling a credential stuffing configuration (config) targeting Glovo, a delivery platform. The seller is advertising via Telegram under the handle Machiaveli1. No further technical details or record counts are provided in the post.
    Date: 2026-05-18T13:21:43Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75661/
    Screenshots:
    None
    Threat Actors: Machiaveli1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  399. Combo list of 4.1K UHQ mixed mail credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 4,100 mixed email credentials, marketed as ultra-high quality (UHQ). The post was shared on a public cracking forum. No additional details about the source or targeted services are available.
    Date: 2026-05-18T13:20:21Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-4-1K-UHQ-MIX-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  400. Sale of HQ mix combo list with 4K–12K daily credentials
    Category: Combo List
    Content: A forum member is offering a high-quality mixed combo list marketed as fresh and untouched, with a claimed daily supply of 4,000–12,000 credentials. The post advertises private, encrypted access to the content. No specific victim organization or service is identified.
    Date: 2026-05-18T13:20:09Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-20247x-hq-mix-by-s2lender-txt
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  401. Combo list targeting Hotmail shared on forum
    Category: Combo List
    Content: A forum member shared a combo list targeting Hotmail accounts on a public combolist forum. The content is hidden behind a registration/login gate. No record count or additional details are available.
    Date: 2026-05-18T13:19:40Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-skylight-public-cloud-hotmail-303609
    Screenshots:
    None
    Threat Actors: SkylightCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  402. Combo List of 1.4K Hotmail credentials shared publicly
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 1,400 Hotmail credentials on a public forum. The post indicates the data was previously distributed in closed groups 4–7 days prior to public release. Content is gated behind registration or login.
    Date: 2026-05-18T13:19:22Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%9D%87%EF%B8%8F1-4k-hotmail-mail-access%E2%9D%87%EF%B8%8F%E2%9C%A8-17-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  403. Sale of HQ combo list mix
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 1,346 credentials marketed as high quality. The post advertises a private members-only network with a daily supply of 4,000–12,000 fresh credentials optimized for credential stuffing.
    Date: 2026-05-18T13:19:04Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-1346x-hq-mix-by-s2lender-txt
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  404. Wanted: Initial access to Algeria government infrastructure
    Category: Initial Access
    Content: A forum user is posting a buying request for access to Algeria government infrastructure, including email (IMAP/webmail), cPanel, and web shells. This is a purchase request, not an active sale or confirmed compromise.
    Date: 2026-05-18T13:17:55Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Buying-algeria-government–76896
    Screenshots:
    None
    Threat Actors: Jasper43
    Victim Country: Algeria
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  405. Sale of fresh mix combo list with 5,000 credentials
    Category: Combo List
    Content: A forum user is offering a combo list of 5,000 mixed credentials, marketed as fresh. The content is hidden behind a registration or login wall on the forum.
    Date: 2026-05-18T13:17:00Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A15000x-FRESH-MIX-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Nulled07
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  406. Hotmail combo list with 690 entries across multiple regions
    Category: Combo List
    Content: A threat actor is distributing a combo list of 690 Hotmail credentials sourced from users across the USA, Europe, Asia, and Russia. The content is hidden behind a reply gate on the forum. These credentials are intended for use in credential stuffing against Hotmail accounts.
    Date: 2026-05-18T13:16:39Z
    Network: openweb
    Published URL: https://altenens.is/threads/690x-hotmail-access-combo-usa-europe-asia-russian.2942312/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  407. Mix Mail Combo List (Hotmail, Outlook, AOL, GMX, Inbox, iCloud, Live)
    Category: Combo List
    Content: A threat actor shared a mixed mail combo list targeting multiple email providers including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live. The content is gated behind a reply requirement on the forum. No specific victim organization or record count was disclosed.
    Date: 2026-05-18T13:16:08Z
    Network: openweb
    Published URL: https://altenens.is/threads/mix-mail-combo-hotmail-outlook-aol-gmx-inbox-icloud-live-2026-5-15.2942313/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  408. Request for Canadian credit report data
    Category: Carding
    Content: A forum user is soliciting a full credit report on a Canadian citizen via direct message. This appears to be a request for financial fraud-enabling data rather than an offer or sale.
    Date: 2026-05-18T13:10:18Z
    Network: openweb
    Published URL: https://breached.st/threads/canada-credit-report-required.87304/unread
    Screenshots:
    None
    Threat Actors: penisanalis
    Victim Country: Canada
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  409. Alleged data leak of RENIEC — 31 million Peruvian citizens personal records
    Category: Data Leak
    Content: A threat actor has freely distributed an alleged 10GB database dump attributed to RENIEC, Peru's national civil registry. The dataset purportedly contains personal records for 31 million Peruvian citizens including full names, dates of birth, national ID numbers, addresses, marital status, phone numbers, and geographic details. Sample records provided in the post appear consistent with the claimed data structure.
    Date: 2026-05-18T13:09:49Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-RENIEC-10GB-Leaked-31-Million-Peru-citizens-Data
    Screenshots:
    None
    Threat Actors: LauraAllen
    Victim Country: Peru
    Victim Industry: Government
    Victim Organization: RENIEC (Registro Nacional de Identificación y Estado Civil)
    Victim Site: reniec.gob.pe
  410. Sale of Xbox credential-stuffing config
    Category: Combo List
    Content: A forum user is sharing a credential-stuffing configuration file targeting Xbox, marketed as a working API config for 2026. The content is hidden behind a reply gate. Xbox is the targeted service for stuffing, not the breach victim.
    Date: 2026-05-18T12:43:31Z
    Network: openweb
    Published URL: https://altenens.is/threads/fire-xbox-new-config-api-2026-works-fire.2942303/unread
    Screenshots:
    None
    Threat Actors: –•™DAXEN16™•–
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  411. Sale of GMX.de credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of GMX.de login credentials, marketed as speed private full capture. The content is hidden behind a reply gate. No record count or additional details are provided.
    Date: 2026-05-18T12:43:04Z
    Network: openweb
    Published URL: https://altenens.is/threads/gmx-de-login-speed-private-full-capture-by-daxen1616.2942305/unread
    Screenshots:
    None
    Threat Actors: –•™DAXEN16™•–
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  412. Free release of 120 OpenBullet 2 and SilverBullet credential stuffing configs
    Category: Combo List
    Content: A threat actor is distributing a collection of 120 credential stuffing configuration files for OpenBullet 2 and SilverBullet, targeting mixed services. The configs are gated behind a reply requirement on the forum.
    Date: 2026-05-18T12:42:37Z
    Network: openweb
    Published URL: https://altenens.is/threads/x120-configs-openbullet-2-silverbullet-mixed-2026.2942306/unread
    Screenshots:
    None
    Threat Actors: –•™DAXEN16™•–
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  413. Free combo list mix mail distributed on cracking forum
    Category: Combo List
    Content: A threat actor shared a free combo list containing 3,035 mixed email credentials on a cracking forum. The post provides a download link with no additional context about the source or targeted services.
    Date: 2026-05-18T12:42:31Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75658/
    Screenshots:
    None
    Threat Actors: NotSellerxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  414. Sale of fraudulent or stolen passport scans
    Category: Carding
    Content: A threat actor is offering for sale alleged alive passport scans (front and back) priced between $5 and $50 each. Buyers can reportedly select the country and sex of the passport holder. The listing includes a sample file hosted on Sendspace.
    Date: 2026-05-18T12:40:52Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-alive-passports-back-front-400
    Screenshots:
    None
    Threat Actors: wilson008
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  415. Germany Mixed Target Combo List (740,370 Lines)
    Category: Combo List
    Content: A combo list containing 740,370 email:password lines targeting German (.de) accounts has been shared on a cracking forum. The list is described as mixed target, indicating credentials applicable across multiple services. No specific victim organization is identified.
    Date: 2026-05-18T12:39:38Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-740-370-Lines-%E2%9C%85-Germany-de-Combolist-Mixed-Target
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  416. Sale of 400 UHQ mixed credential combo list
    Category: Combo List
    Content: A threat actor is sharing a combo list of 400 UHQ (ultra-high quality) mixed email:password credentials on a cracking forum. No additional details about the data source or target services are available.
    Date: 2026-05-18T12:39:20Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-400-UHQ-MIX
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  417. Alleged data breach of Deutsche Telekom (telekom.de) — 3.3 million customer records
    Category: Data Breach
    Content: A threat actor is selling an alleged database of 3.3 million Deutsche Telekom affiliate registrations. The dataset reportedly includes full personal details (name, date of birth, national ID number, email, phone, address), contract information, and banking details (IBAN, BIC, account number). The seller is accepting escrow and can be contacted via Telegram for samples and pricing.
    Date: 2026-05-18T12:39:15Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-Germany-TELEKOM-DE-3-millions
    Screenshots:
    None
    Threat Actors: giorggios
    Victim Country: Germany
    Victim Industry: Telecommunications
    Victim Organization: Deutsche Telekom
    Victim Site: telekom.de
  418. Combo list of alleged educational email credentials
    Category: Combo List
    Content: A combo list of approximately 113,988 educational email and password pairs was shared on a cracking forum. The post markets the credentials as fresh. No specific breached organization is identified.
    Date: 2026-05-18T12:39:04Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-113-988-Edu-MailPass-Leaks-Fresh
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  419. Sale of alleged data breach of Tiger Brokers Singapore
    Category: Data Breach
    Content: A threat actor is offering for sale a dataset allegedly containing 415,645 user registrations from Tiger Brokers Singapore. No post content was available to confirm data fields or pricing details.
    Date: 2026-05-18T12:38:52Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-Singapore-415-645-registrations-Tiger-Brokers
    Screenshots:
    None
    Threat Actors: giorggios
    Victim Country: Singapore
    Victim Industry: Finance
    Victim Organization: Tiger Brokers
    Victim Site: tigerbrokers.com.sg
  420. Sale of compromised Fortnite accounts with 200+ skins
    Category: Combo List
    Content: A forum user is distributing compromised Fortnite accounts advertised as having 200 or more skins and described as freshly checked. The post is hosted in a combolist section and sponsored by RogenCloud. No specific record count or breach source is mentioned.
    Date: 2026-05-18T12:38:47Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Fortnite-accounts-with-capture-200SKINS-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  421. Combo List: 20,000 mixed mail access credentials
    Category: Combo List
    Content: A forum post on Cracked.st offers a mixed mail access combo list containing approximately 20,000 credentials. No additional details are available regarding the source or composition of the list.
    Date: 2026-05-18T12:38:28Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%AD%9020k-MIXED-MAIL-ACCESS-%E2%AD%90–2095666
    Screenshots:
    None
    Threat Actors: Posts
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  422. Combo list targeting Hotmail mail access
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 1,000 Hotmail credentials marketed as UHQ (ultra-high quality) mail access. The post was made on a public cracking forum and appears to offer free access to the list.
    Date: 2026-05-18T12:38:08Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1K-UHQ-HOTMAIL-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  423. Combo List: 4K UHQ Mixed Email Credentials
    Category: Combo List
    Content: A combo list of approximately 4,000 mixed email and password credentials is being shared on a cracking forum. The post is marketed as UHQ (ultra-high quality). No specific victim organization or breach source is identified.
    Date: 2026-05-18T12:37:43Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-4K-UHQ-MIX-MAILS–2095660
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  424. Combo List of 20,000 Mixed Email Credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 20,000 mixed email and password credentials. The list is described as UHQ (ultra-high quality). No specific victim organization or breach source is identified.
    Date: 2026-05-18T12:37:25Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-20K-UHQ-MIX-MAILS–2095668
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  425. Alleged data breach of Tavily.com — 1 million user records for sale
    Category: Data Breach
    Content: A threat actor is selling an alleged full database of Tavily.com containing over 1 million user records for 10 XMR (~$3,868). The dataset purportedly includes email addresses, hashed passwords, and full names. No samples are being provided by the seller.
    Date: 2026-05-18T12:37:16Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-TAVILY-COM-FULL-DATABASE-OF-1-MILLION-USERS-FOR-SALE-ON-10-XMR
    Screenshots:
    None
    Threat Actors: KrolikHacking
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Tavily
    Victim Site: tavily.com
  426. Sale of UHQ mixed mail access combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 3,800 mixed email and password credentials marketed as ultra-high quality (UHQ). The post was shared on a public cracking forum. No additional details about the source or targeted services are available.
    Date: 2026-05-18T12:37:09Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-3-8K-UHQ-MIX-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  427. Alleged sale of mail access credentials and combo lists by DataxLogs
    Category: Combo List
    Content: A threat actor operating under the handle DataxLogs is advertising the sale of mail access credentials, combo lists, configs, scripts, and tools targeting multiple countries, including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. The seller is actively soliciting requests and provides a Telegram contact for transactions.
    Date: 2026-05-18T12:36:55Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84223
    Screenshots:
    None
    Threat Actors: DataxLogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  428. Sale of Hotmail credential combo list
    Category: Combo List
    Content: A forum user is offering a combo list of approximately 7,500 claimed high-quality Hotmail credentials. The post is categorized as credential hits, suggesting the list has been tested against Hotmail. No additional details are available from the post content.
    Date: 2026-05-18T12:36:49Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-7500-HQ-HOTMAIL-HITS
    Screenshots:
    None
    Threat Actors: combosell1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  429. Mix email:password combo list with 429,000 records
    Category: Combo List
    Content: A mixed email:password combo list containing approximately 429,000 records was shared on a cracking forum. The post is categorized as a combo list intended for credential stuffing activity. No specific victim organization or targeted service was identified.
    Date: 2026-05-18T12:36:23Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-MIX-Unique-Combo-2-429000
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  430. Sale of credential combo lists and hits for any website
    Category: Combo List
    Content: A forum user is advertising NFA and FA combo lists or credential hits for any target website, offering a test before purchase. The seller provides contact via Telegram for further details.
    Date: 2026-05-18T12:35:41Z
    Network: openweb
    Published URL: https://cracked.st/Thread-NFA-AND-FA-COMBO-OR-HITS-ANY-WEBSITE-WITH-TEST-FIRST
    Screenshots:
    None
    Threat Actors: Cloudredhat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  431. 100K mix combo list targeting gaming and shopping services
    Category: Combo List
    Content: A threat actor is distributing a 100,000-line combo list marketed as fresh and untested, targeting gaming and shopping services. The credentials are available to registered forum members via hidden content. No specific victim organization or breach source is identified.
    Date: 2026-05-18T12:34:39Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-100k-mix-combolist-%E2%9C%A8%C2%A0-unraped-and-fresh-lines-%E2%9C%A8-gaming-shopping-mix-good
    Screenshots:
    None
    Threat Actors: Matrix432
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  432. Sale of 31K mail access combo list
    Category: Combo List
    Content: A forum user is sharing a list of approximately 31,000 reportedly valid mail access credentials. The content is hidden behind a login/registration wall. No specific victim organization or country is identified.
    Date: 2026-05-18T12:34:11Z
    Network: openweb
    Published URL: https://patched.to/Thread-31k-mail-access-valid-list
    Screenshots:
    None
    Threat Actors: Vonmoon
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  433. Sale of fresh mail access combo list
    Category: Combo List
    Content: A forum post advertises a combo list described as fresh mail access containing 1,940 entries. The content is hidden behind a login/registration wall, limiting visibility into the specific data included. No victim organization or breach source is identified.
    Date: 2026-05-18T12:33:42Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-x1940-fresh-mail-access
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  434. Weekly community digest post on Dread darknet forum
    Category: Chatter
    Content: A weekly aggregator post (The Weekly Whiskey) published on the Dread darknet forum, compiling links to notable threads across various subforums including market listings, OpSec guides, and community discussions. The post contains no specific threat claim or victim targeting. One linked thread references a zero-day Linux LPE exploit sold for $170,000, but no further detail is provided within this post.
    Date: 2026-05-18T12:33:20Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/81300a9a711b67753148
    Screenshots:
    None
    Threat Actors: samwhiskey P https://daunt.link
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  435. Sale of HQ combo list mix (3,306 records)
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 3,306 mixed credentials, marketed as high-quality and fresh. The post advertises daily supply of 4,000–12,000 records through a private members-only network. No specific victim organization or targeted service is identified.
    Date: 2026-05-18T12:33:14Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-3306x-hq-mix-by-s2lender-txt
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  436. Mass Defacement of Indonesian Judicial Website by Ushiromiya
    Category: Defacement
    Content: On May 18, 2026, a threat actor operating under the alias Ushiromiya conducted a mass defacement campaign targeting the guest book subdomain of the Tenggarong Religious Court, an Indonesian judicial institution. The attack targeted a Linux-based web server hosting the site at the path /tujuan.php. This incident was part of a broader mass defacement operation, as indicated by the mass defacement flag, with a mirror archived on haxor.id.
    Date: 2026-05-18T12:32:11Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249375
    Screenshots:
    None
    Threat Actors: Ushiromiya
    Victim Country: Indonesia
    Victim Industry: Government – Judiciary
    Victim Organization: Pengadilan Agama Tenggarong (Tenggarong Religious Court)
    Victim Site: buku-tamu.pa-tenggarong.go.id
  437. Sale of Hotmail combo list sample (715 credentials)
    Category: Combo List
    Content: A forum user is sharing a sample combo list of 715 Hotmail credentials. The content is gated behind registration or login. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-18T12:31:33Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-715x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Stevejobs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  438. Alleged data leak of Badan Gizi Nasional (National Nutrition Agency of Indonesia)
    Category: Data Leak
    Content: A threat actor posted a thread on a cybercrime forum claiming to have a database belonging to Badan Gizi Nasional, the National Nutrition Agency of Indonesia. No post content was available to confirm the nature, size, or contents of the alleged dataset.
    Date: 2026-05-18T12:28:58Z
    Network: openweb
    Published URL: https://breached.st/threads/data-base-badan-gizi-nasional.87302/unread
    Screenshots:
    None
    Threat Actors: CatNatXploit
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Badan Gizi Nasional
    Victim Site: Unknown
  439. Combo list of 104,911 credentials shared for free
    Category: Combo List
    Content: A combo list of 104,911 credential pairs has been made available for free download via Pixeldrain, with a password shared through a Telegram channel. The post was authored by zoood and attributed to a Telegram bot @hello_zod_bot. No specific victim organization or targeted service is identified.
    Date: 2026-05-18T12:28:30Z
    Network: openweb
    Published URL: https://breached.st/threads/104911-lines-combo-by-hello_zod_bot.87303/unread
    Screenshots:
    None
    Threat Actors: zoood
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  440. Mass Defacement of kfm.websuka.com by Ushiromiya
    Category: Defacement
    Content: On May 18, 2026, a threat actor known as Ushiromiya conducted a mass defacement campaign targeting kfm.websuka.com, a cloud-hosted website. The defacement was archived and mirrors are available via haxor.id, indicating this was part of a broader coordinated mass defacement operation attributed to the Ushiromiya actor.
    Date: 2026-05-18T12:26:10Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249374
    Screenshots:
    None
    Threat Actors: Ushiromiya
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: kfm.websuka.com
  441. Forum chatter post with no actionable content
    Category: Chatter
    Content: A forum post by HugBunter on Dread contains no actionable content. No threat activity, victim information, or indicators of compromise are present.
    Date: 2026-05-18T12:03:12Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/3f30c9af1a6ce4716e5b/?context=253c65ea01f038adb3#c-253c65ea01f038adb3
    Screenshots:
    None
    Threat Actors: HugBunter
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  442. Alleged leak of BGN (Indonesian government) operational data by Brotherhood Capung
    Category: Data Leak
    Content: Brotherhood Capung claims to have leaked data from https://www.bgn.go.id/operasional-sppg, an operational portal of the Indonesian government's BGN (Badan Geologi Nasional – National Geological Agency). The leak was announced with hashtags #LEAKED and #BROTHEROODCAPUNGINDONESIA.
    Date: 2026-05-18T11:43:54Z
    Network: telegram
    Published URL: https://t.me/brotheroodbci/197
    Screenshots:
    None
    Threat Actors: Brotherhood Capung
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: BGN (Badan Geologi Nasional)
    Victim Site: bgn.go.id
  443. Forum inquiry on cryptocurrency cash-out methods
    Category: Chatter
    Content: A forum user posted a question on a darknet forum asking how to cash out dirty Bitcoin. No specific victim, service, or operational detail was provided.
    Date: 2026-05-18T11:38:24Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/9282e2d59ab76b23a536
    Screenshots:
    None
    Threat Actors: ounce3221 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  444. Sale of Spotify credential combo list (4 million records)
    Category: Combo List
    Content: A threat actor is distributing a Spotify-targeted combo list reportedly containing 4 million credential pairs via a cracking forum and associated Telegram channels. The credentials are intended for credential stuffing against Spotify accounts. No specific breach victim is identified.
    Date: 2026-05-18T11:35:12Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75651/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  445. Sale of mixed email combo list including Hotmail credentials
    Category: Combo List
    Content: A threat actor is selling a mixed email and Hotmail combo list marketed as fresh and private, containing 20,000+ credentials. The listing is offered under a subscription model with tiered pricing ranging from $4 for 3 days to $70 for lifetime access.
    Date: 2026-05-18T11:34:18Z
    Network: openweb
    Published URL: https://patched.to/Thread-mix-mail-10k-by-blackcloversuppprt
    Screenshots:
    None
    Threat Actors: Dataseller
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  446. Sale of 250K Streaming and VPN Targeted UHQ Combo List
    Category: Combo List
    Content: A threat actor is sharing a 250,000-record combo list advertised as targeting streaming and VPN services. The content is gated behind registration or login on the forum. No specific victim organization is identified.
    Date: 2026-05-18T11:34:02Z
    Network: openweb
    Published URL: https://patched.to/Thread-streaming-250k-streaming-vpn-targeted-uhq-combolist
    Screenshots:
    None
    Threat Actors: capitan911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  447. Sale of 1 million gaming-targeted combo list
    Category: Combo List
    Content: A threat actor is offering a gaming-targeted combo list containing approximately 1 million credential pairs. The content is hidden behind a registration or login wall on the forum. No specific victim organization is identified.
    Date: 2026-05-18T11:33:46Z
    Network: openweb
    Published URL: https://patched.to/Thread-gaming-1m-gaming-targeted-good-combolist
    Screenshots:
    None
    Threat Actors: capitan911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  448. Alleged data breach of Rappi Brazil
    Category: Data Breach
    Content: A threat actor is offering alleged Rappi Brazil data for sale on a cybercrime forum. The post provides no details on record count or data types. Interested buyers are directed to contact the seller via Telegram.
    Date: 2026-05-18T11:27:52Z
    Network: openweb
    Published URL: https://breached.st/threads/brazil-rappi-data-available.87301/unread
    Screenshots:
    None
    Threat Actors: Kevin Williams
    Victim Country: Brazil
    Victim Industry: Retail
    Victim Organization: Rappi
    Victim Site: rappi.com.br
  449. Forum user seeking employment in Paris region on darknet forum
    Category: Chatter
    Content: A forum user on DarkNetFrance posted seeking work in the Paris region, stating their previous employment as a courier ended when their supplier was arrested. The post contains no specific threat activity or technical content.
    Date: 2026-05-18T11:16:58Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/ea8b44eab4a0e4cd4ffc
    Screenshots:
    None
    Threat Actors: selfishHope 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  450. Alleged sale of RDP access and compromised email accounts
    Category: Initial Access
    Content: A threat actor is offering rental of RDP access to cloud infrastructure (Azure, AWS, DigitalOcean) at $200, along with sales of compromised email accounts (domain mail, Gmail, Yahoo), GitHub Student accounts, and various subscription services (ChatGPT Plus, Claude, ElevenLabs Creator Plan). The services are advertised as available with proof/testing options. Multiple target countries are listed (FR, BE, AU, CA, UK, US, NL, PL, DE, JP).
    Date: 2026-05-18T11:14:24Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84179
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  451. Sale of WorldWind Stealer Pro 2026 malware
    Category: Malware
    Content: A forum post on DemonForums advertises WorldWind Stealer Pro 2026, a stealer malware tool. The post includes a download link and security scan results, framing the tool as an ethical cybersecurity product. The offering is consistent with stealer malware distribution commonly observed on cracking forums.
    Date: 2026-05-18T11:12:40Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-WorldWind-Stealer-Pro-2026
    Screenshots:
    None
    Threat Actors: alexande5676
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  452. Sale of 300x mixed fresh credential hits
    Category: Combo List
    Content: A threat actor shared a link to a mixed combo list advertised as containing 300 fresh credential hits. The content is hosted on an external paste site. No specific victim organization or service is identified.
    Date: 2026-05-18T11:08:12Z
    Network: openweb
    Published URL: https://patched.to/Thread-300x-mix-fresh-hits
    Screenshots:
    None
    Threat Actors: HolyCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  453. Sale of HQ mix combo list by s2lender
    Category: Combo List
    Content: A threat actor operating as s2lender is offering a high-quality mixed combo list containing approximately 11,739 credential pairs on a cracking forum. The post advertises daily supply of 4,000–12,000 fresh credentials through a private members-only network. No specific victim organization or service is identified.
    Date: 2026-05-18T11:04:50Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75649/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  454. Alleged data breach of VentureYours.com vacation rental management platform
    Category: Data Breach
    Content: A threat actor claims to have compromised the customer database of VentureYours, a vacation rental management platform, in May 2026. The alleged breach includes KYC documents (driver's licenses, rental agreements, contracts) and extensive PII such as names, emails, phone numbers, addresses, and booking details across approximately 25.5 million CSV records totaling 64GB. Samples containing US-based property contact information were shared publicly as part of the post.
    Date: 2026-05-18T11:01:22Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-VentureYours-com-Vacation-Rental-Management-KYC-PII-PART
    Screenshots:
    None
    Threat Actors: zSenior
    Victim Country: United States
    Victim Industry: Hospitality
    Victim Organization: VentureYours
    Victim Site: ventureyours.com
  455. Sale of Australian Forex Verified Leads
    Category: Services
    Content: A threat actor is offering Australian Forex verified leads for sale via Telegram. No further details regarding record count, data fields, or source were provided in the post.
    Date: 2026-05-18T11:01:17Z
    Network: openweb
    Published URL: https://breached.st/threads/australian-forex-verified-leads.87300/unread
    Screenshots:
    None
    Threat Actors: Kevin Williams
    Victim Country: Australia
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  456. Website Defacement of Stone Face Inn by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor operating under the handle DimasHxR defaced a page on stonefaceinn.com, a website associated with a hospitality or lodging establishment. The attacker targeted a specific subpage (b.html) rather than the homepage, indicating a targeted or opportunistic intrusion. No team affiliation, stated motive, or technical details regarding the server infrastructure were disclosed.
    Date: 2026-05-18T10:57:00Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924718
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Hospitality
    Victim Organization: Stone Face Inn
    Victim Site: stonefaceinn.com
  457. Free distribution of URL:Log:Pass combo list with 8+ million lines
    Category: Combo List
    Content: A threat actor is freely distributing a URL:Log:Pass combo list containing over 8 million lines, labeled as part 350 of an ongoing series. The content is hidden behind a registration/login wall on the forum.
    Date: 2026-05-18T10:54:31Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-350
    Screenshots:
    None
    Threat Actors: lexityfr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  458. Sale of mixed mail combo list (1,600 entries)
    Category: Combo List
    Content: A threat actor is selling a mixed mail combo list containing approximately 1,600 entries via a private cloud subscription service. Access is offered at tiered pricing ranging from $4 for 3 days to $70 for lifetime access. The content is gated behind registration or login on the forum.
    Date: 2026-05-18T10:53:58Z
    Network: openweb
    Published URL: https://patched.to/Thread-mix-mail-private-1600x-by-blackcloversuppprt
    Screenshots:
    None
    Threat Actors: Dataseller
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  459. Free access to alleged 1B+ leaked credential search bot
    Category: Combo List
    Content: A forum user is offering free access to a search bot claiming to index over 1 billion leaked credentials. The actual content is hidden behind a registration/login wall, limiting visibility into the data's origin or composition. No specific victim organization or breach source is identified.
    Date: 2026-05-18T10:53:41Z
    Network: openweb
    Published URL: https://patched.to/Thread-%F0%9F%94%A5-%F0%9F%94%A5-free-access-to-1b-leaked-search-bot-%F0%9F%94%A5-%F0%9F%94%A5
    Screenshots:
    None
    Threat Actors: poisonyt007
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  460. Sale of X (Twitter) combo list with 6,352 credentials
    Category: Combo List
    Content: A threat actor is selling a combo list of 6,352 mixed credentials purportedly valid for X (Twitter) accounts. The list is offered via subscription tiers ranging from a 24-hour trial at $3 to a 3-month plan at $100, with download links provided via Pasteview and Telegram.
    Date: 2026-05-18T10:47:05Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75646/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  461. Sale of HQ mix combo list by threat actor s2lender
    Category: Combo List
    Content: Threat actor s2lender is offering a high-quality mixed combo list containing approximately 17,170 credentials, marketed as fresh and untouched. The post advertises daily supply of 4,000–12,000 entries through a private members-only network.
    Date: 2026-05-18T10:46:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75648/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  462. Beginner seeking guidance on cashing out compromised Binance accounts
    Category: Chatter
    Content: A self-described beginner posted on a fraud forum seeking operational advice on cashing out funds from compromised Binance accounts. The poster outlined a proposed laundering chain involving SOCKS5 proxies, no-log VPNs, burner non-KYC wallets, Bitcoin-to-Monero swaps, and peer-to-peer exchange services. No specific compromised accounts or victims were identified in the post.
    Date: 2026-05-18T10:46:34Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/3f6ecf38a7aff18bc3d5
    Screenshots:
    None
    Threat Actors: beaucoupdel3a9a 🍼
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: binance.com
  463. Mix email:password combo list with 429,000 records
    Category: Combo List
    Content: A mixed email:password combo list containing approximately 429,000 records was shared on a cracking forum. The post contains no additional details regarding the source or targeted services. This appears to be a credential stuffing resource distributed to forum members.
    Date: 2026-05-18T10:44:30Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-MIX-Unique-Combo-1-429000
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  464. Sale of Hotmail combo list
    Category: Combo List
    Content: A forum user is sharing or selling a combo list of approximately 4,200 Hotmail credentials marketed as fresh UHQ (ultra-high quality) hits. No additional details are available from the post content.
    Date: 2026-05-18T10:44:12Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-4-200x-Fresh-Hotmail-UHQ-Veen0m
    Screenshots:
    None
    Threat Actors: cloudpr00
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  465. Sale of Botnet Control Panel with C2 Infrastructure (DarkNet V3.7)
    Category: Malware
    Content: A threat actor operating as MDGhost is offering a botnet control panel (DarkNet V3.7) for sale at $2,500 USD, claiming a capacity of 128 petabytes. The offering includes a web panel, API, cloud server, P2P network, C2 infrastructure, and malware components targeting Windows and Java environments. Contact is provided via Session messenger.
    Date: 2026-05-18T10:41:37Z
    Network: openweb
    Published URL: https://breached.st/threads/botnet-panneau-de-controle-darknet-v3-7.87299/unread
    Screenshots:
    None
    Threat Actors: MDGhost
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  466. Website Defacement of MEC Partner by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, threat actor DimasHxR defaced a page on the MEC Partner website (www.mecpartner.com/b.html). The attack was a targeted single-page defacement, not classified as a mass or home page defacement. The attacker operated independently without affiliation to a known hacking team.
    Date: 2026-05-18T10:39:40Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924716
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Business Services
    Victim Organization: MEC Partner
    Victim Site: www.mecpartner.com
  467. Website Defacement of Pak Arcades by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, threat actor DimasHxR successfully defaced the homepage of pakarcades.com.pk, a Pakistani commercial property or arcades-related website. The attack was a targeted single-site homepage defacement with no team affiliation reported. The incident has been archived via zone-xsec.com mirror for reference.
    Date: 2026-05-18T10:33:28Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924710
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Pakistan
    Victim Industry: Real Estate / Commercial Property
    Victim Organization: Pak Arcades
    Victim Site: pakarcades.com.pk
  468. Website Defacement of mgpk777game.pk by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the Pakistani online gaming website mgpk777game.pk was defaced by a threat actor operating under the alias DimasHxR, acting independently without an affiliated team. The attack targeted the site's homepage (index.htm), constituting a home defacement with no indication of mass or repeated defacement activity.
    Date: 2026-05-18T10:31:50Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924707
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Pakistan
    Victim Industry: Gaming / Online Entertainment
    Victim Organization: MGPK777 Game
    Victim Site: mgpk777game.pk
  469. Website Defacement of NSFAS Status Check Portal by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the website nsfasstatuscheck.org, a portal associated with checking the status of the National Student Financial Aid Scheme (NSFAS) of South Africa, was defaced by the threat actor DimasHxR. The attacker targeted the homepage of the site in a single, non-mass defacement operation. No team affiliation, specific motivation, or technical exploitation details were disclosed in connection with this incident.
    Date: 2026-05-18T10:30:42Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924709
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: South Africa
    Victim Industry: Financial Services / Education Finance
    Victim Organization: NSFAS Status Check
    Victim Site: nsfasstatuscheck.org
  470. Website Defacement of Masti365Game by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the Pakistani gaming and entertainment website masti365game.org.pk was defaced by the threat actor DimasHxR, operating without a team affiliation. The attack targeted the homepage (index.htm) and constitutes a single, non-mass defacement incident. The defacement was mirrored and recorded by zone-xsec.com under incident ID 924706.
    Date: 2026-05-18T10:29:26Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924706
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Pakistan
    Victim Industry: Entertainment / Gaming
    Victim Organization: Masti365Game
    Victim Site: masti365game.org.pk
  471. Website Defacement of CanvaMod by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the website canvamod.net was defaced by threat actor DimasHxR acting independently without team affiliation. The attack targeted the homepage (index.htm) in a single-site defacement operation. No specific motive or server details were disclosed in connection with this incident.
    Date: 2026-05-18T10:28:04Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924702
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Technology/Software
    Victim Organization: CanvaMod
    Victim Site: canvamod.net
  472. Request for French hardware store email directory for scraping
    Category: Chatter
    Content: A forum user is requesting a complete directory of French hardware stores to scrape and extract email addresses. The user mentions that public sources such as Société.fr and Pages Jaunes do not expose email addresses and is asking whether a more complete directory exists on the dark web. No specific victim or dataset is identified.
    Date: 2026-05-18T10:27:08Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/c7073ad6df1621b313d2
    Screenshots:
    None
    Threat Actors: Luice18 🍼
    Victim Country: France
    Victim Industry: Retail
    Victim Organization: Unknown
    Victim Site: Unknown
  473. Purchase request for League of Legends and Valorant account checker tool
    Category: Combo List
    Content: A forum user is seeking to purchase an account checker for League of Legends and Valorant, with full capture capability preferred. The user intends to resell cracked accounts for profit and is offering payment in cryptocurrency or a commission-based arrangement.
    Date: 2026-05-18T10:26:28Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75645/
    Screenshots:
    None
    Threat Actors: Clefairy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  474. Request for anonymous French bank account and PayPal laundering method
    Category: Chatter
    Content: A forum user is seeking advice on how to transfer funds from PayPal to a French bank account not linked to their identity, bypassing KYC requirements. The post relates to money laundering or financial anonymization in connection with proceeds from e-whoring activity. No specific victim organization or technical threat is identified.
    Date: 2026-05-18T10:25:52Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/6a6f14fb25c443331f37
    Screenshots:
    None
    Threat Actors: montana0110 🍼
    Victim Country: France
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  475. Retail refund fraud scheme targeting Amazon and major US retailers
    Category: Chatter
    Content: A forum user describes a planned retail refund fraud scheme targeting Amazon and other major US retailers. The method involves purchasing high-value items, filing false police reports claiming theft or loss, and using those reports to obtain full refunds while retaining the merchandise. The post solicits tips from others who have used this technique.
    Date: 2026-05-18T10:24:54Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/3e170bcbffc27d25184b
    Screenshots:
    None
    Threat Actors: qzwx 🍼
    Victim Country: United States
    Victim Industry: Retail
    Victim Organization: Amazon, Walmart, Target, Best Buy, Costco
    Victim Site: amazon.com
  476. Free release of mixed email:password combo list
    Category: Combo List
    Content: A threat actor shared a free combo list containing 4,259 mixed email and password pairs on a public forum. The credentials are marketed as high quality. No specific victim organization or breach source is identified.
    Date: 2026-05-18T10:23:30Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%E2%9D%84-4259x-HQ-MIXED-MAILS-%E2%9D%84%E2%9D%84–204587
    Screenshots:
    None
    Threat Actors: He_Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  477. Free combo list of mixed email credentials
    Category: Combo List
    Content: A threat actor has freely shared a combo list containing 4,259 mixed email and password credentials. The list is marketed as high quality and is available for download on a cracking forum.
    Date: 2026-05-18T10:23:17Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9D%84%E2%9D%84-4259x-HQ-MIXED-MAILS-%E2%9D%84%E2%9D%84–2095645
    Screenshots:
    None
    Threat Actors: VALID_HITS99
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  478. Sale of Hotmail combo list with 0.9K credentials
    Category: Combo List
    Content: A threat actor on a cracking forum is sharing a combo list of approximately 900 Hotmail email and password combinations. The post encourages users to leave a like in exchange for more content, suggesting further credential lists may be distributed.
    Date: 2026-05-18T10:22:59Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-0-9K-HOTMAIL-MAIL-ACCESS-%E2%9C%85
    Screenshots:
    None
    Threat Actors: Drip443
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  479. Alleged data breach exposing 14 million French residents' personal and telephone records
    Category: Data Breach
    Content: A threat actor is offering a dataset allegedly containing 14 million records of French individuals, including full names, gender, home addresses, postcodes, telephone numbers, and detailed geographic data (region, department, arrondissement, canton). A sample of structured CSV data was shared in the post to substantiate the claim. The source organization or breach origin has not been identified.
    Date: 2026-05-18T10:22:54Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-FRANCE-14-MILLION-TELEPHONE–189415
    Screenshots:
    None
    Threat Actors: Earthiscircle
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  480. Website Defacement of bijoyeralo24.com by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, threat actor DimasHxR defaced the website bijoyeralo24.com, a Bangladeshi online news or media outlet, targeting a readme.txt file. The attacker operated independently without an affiliated team. No specific motive or technical details were disclosed for this single-target defacement.
    Date: 2026-05-18T10:21:52Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924685
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Bangladesh
    Victim Industry: News/Media
    Victim Organization: Bijoy Er Alo 24
    Victim Site: bijoyeralo24.com
  481. Combo List of 600 Hotmail credentials
    Category: Combo List
    Content: A threat actor is sharing approximately 600 Hotmail credentials marketed as private, valid, and fresh. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-18T10:19:37Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%98%A2%EF%B8%8F-uhq-%E2%98%A2%EF%B8%8F-0-6k-prvt-hotmails-%E2%9C%A8-valid-fresh-%E2%9C%A8
    Screenshots:
    None
    Threat Actors: Pirate999
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  482. Website Defacement of Prothom Bangla by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the website prothombangla.site was defaced by the threat actor DimasHxR operating without a team affiliation. The attacker targeted a specific file path (readme.txt) on the domain, which appears to be associated with a Bangladeshi news or media outlet. No specific motive or technical details regarding the exploitation method were disclosed.
    Date: 2026-05-18T10:18:42Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924688
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Bangladesh
    Victim Industry: Media and News
    Victim Organization: Prothom Bangla
    Victim Site: prothombangla.site
  483. Website Defacement of Gari Insure by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the website gariinsure.com was defaced by a threat actor identified as DimasHxR, operating without an affiliated team. The attacker targeted a readme.txt file on the insurance-related domain. No specific motive, proof of concept, or server details were disclosed in association with this incident.
    Date: 2026-05-18T10:12:27Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924677
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Insurance/Financial Services
    Victim Organization: Gari Insure
    Victim Site: gariinsure.com
  484. Website Defacement of samueloseitutu.org by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, threat actor DimasHxR defaced the website samueloseitutu.org, targeting the readme.txt file. The attack appears to be an individual effort with no affiliated team. The incident was a targeted defacement with no indication of mass or repeated compromise.
    Date: 2026-05-18T10:06:18Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924659
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Personal/Individual
    Victim Organization: Samuel Oseitutu
    Victim Site: samueloseitutu.org
  485. Recruitment post for fraudulent freelancing and KYC bypass scheme
    Category: Chatter
    Content: A forum user is recruiting native English speakers to create fraudulent freelancing and AI dataset platform accounts using their real identities to pass KYC verification. The arrangement involves handling client interviews and sharing payment account access on a 30% commission and equity basis. The post describes activity consistent with identity-fronting fraud and potential money laundering via shared payment accounts.
    Date: 2026-05-18T10:01:45Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/018f6fcc3bf207080a07
    Screenshots:
    None
    Threat Actors: TalentJnr 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  486. Alleged sale of targeted email account access to Hotmail, Yahoo, Reddit, eBay, Uber and other platforms
    Category: Initial Access
    Content: A threat actor is offering for sale targeted email account access to multiple platforms including Hotmail, Yahoo, Reddit, Kleinanzeigen, Walmart, Grailed, Vinted, eBay, Uber, Marriott, and Poshmark. The actor claims the accounts are fresh, valid, and uncompromised, and targets users in the USA, UK, and Canada. Buyers can request specific keywords/targets.
    Date: 2026-05-18T10:00:41Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84156
    Screenshots:
    None
    Threat Actors: Yuze
    Victim Country: United States, United Kingdom, Canada
    Victim Industry: Multiple (Email, E-commerce, Travel, Social Media)
    Victim Organization: Unknown
    Victim Site: Unknown
  487. Website Defacement of CoffeeStation by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced the website coffeestation.in by targeting a readme.txt file. The attacker operated independently without affiliation to a known group or team. No specific motive or technical details regarding the server infrastructure were disclosed in connection with this incident.
    Date: 2026-05-18T10:00:05Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924597
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: India
    Victim Industry: Food and Beverage
    Victim Organization: Coffee Station
    Victim Site: coffeestation.in
  488. Forum post seeking employment or collaboration on low-risk cybersecurity work
    Category: Chatter
    Content: A forum user in Taiwan posted a job-seeking message on a dark web forum, claiming to be a beginner in cybersecurity and white-hat hacking looking for paid work or mentorship. The post does not advertise any specific threat service, stolen data, or malicious capability. No specific victim or threat activity is identified.
    Date: 2026-05-18T09:59:47Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/f3b693f808decb517584
    Screenshots:
    None
    Threat Actors: saggttrfhiijhggy 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  489. Solicitation for OSINT/Doxing Services Targeting Individual Debtor in Canada
    Category: Chatter
    Content: A forum user is soliciting assistance to locate a specific individual who immigrated to Canada and reportedly has a court-ordered debt exceeding $1.3 million USD. The requester claims to possess the target's name and pre-immigration ID number, and is seeking the individual's current Canadian PR card or passport number and contact details. Compensation is offered via fee or profit-sharing arrangement.
    Date: 2026-05-18T09:58:40Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/0822b9dc2dfc6e989e9d
    Screenshots:
    None
    Threat Actors: Card_pro001 🍼
    Victim Country: Canada
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  490. Website Defacement of Anzz Interiors by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced the website of Anzz Interiors by altering the readme.txt file hosted at anzzinteriors.net. The attacker does not appear to be affiliated with any known group or team. No specific motive, proof of compromise details, or server information were disclosed in connection with this incident.
    Date: 2026-05-18T09:58:36Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924594
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Interior Design / Home Furnishings
    Victim Organization: Anzz Interiors
    Victim Site: anzzinteriors.net
  491. Website Defacement of Essdee Tours and Travels by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced the website of Essdee Tours and Travels, an Indian travel and tourism company. The attack was a targeted single-site defacement, not part of a mass defacement campaign. No specific motivation or technical details were disclosed for this incident.
    Date: 2026-05-18T09:57:02Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924598
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: India
    Victim Industry: Travel and Tourism
    Victim Organization: Essdee Tours and Travels
    Victim Site: essdeetoursandtravels.in
  492. Request for KYC bypass methods and fake ID techniques for financial services
    Category: Chatter
    Content: A forum user on Dread's OpSec board is soliciting advice on bypassing KYC verification at banking and online payment services such as Wise and Revolut. The user is seeking methods involving fake IDs and AI-generated face-swapped selfies to open accounts without a traceable identity. No specific victim organization or breach is claimed; this is an operational inquiry for financial fraud enablement.
    Date: 2026-05-18T09:56:52Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/cefcf73cd61ac93d14ec
    Screenshots:
    None
    Threat Actors: wy5jocn1kb8t5paptmlai 🍼
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  493. Website Defacement of Hill King Cabs by DimasHxR
    Category: Defacement
    Content: The website hillkingcabs.in, belonging to Hill King Cabs, an Indian taxi/cab service provider, was defaced by threat actor DimasHxR on May 18, 2026. The defacement targeted a readme.txt file on the server and was carried out as an individual attack rather than a mass or coordinated campaign. No specific motive or team affiliation was identified for this incident.
    Date: 2026-05-18T09:56:04Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924602
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: India
    Victim Industry: Transportation / Taxi Services
    Victim Organization: Hill King Cabs
    Victim Site: hillkingcabs.in
  494. Discussion of UK customs interdiction changes affecting contraband parcel imports
    Category: Chatter
    Content: A Dread forum user is soliciting information about increased UK customs scrutiny of inbound parcels from the US since November 2025, which they claim has disrupted their contraband importation activities. The post discusses use of decoys, rerouting strategies, and freight alternatives, and asks other users for insights into potential new detection methods or policy changes at UK customs.
    Date: 2026-05-18T09:54:52Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/bca0bcb418b730f15d37
    Screenshots:
    None
    Threat Actors: ptguk P 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  495. Website Defacement of Aksharbhan by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the website aksharbhan.com was defaced by the threat actor DimasHxR, acting without an affiliated team. The defacement targeted a readme.txt file on the domain. No specific motive, vulnerability details, or server information were disclosed in connection with this incident.
    Date: 2026-05-18T09:54:28Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924593
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Aksharbhan
    Victim Site: aksharbhan.com
  496. Alleged education sector combo list with 184,295 lines
    Category: Combo List
    Content: A combo list containing 184,295 email:password lines targeting the education sector has been shared on a cracking forum. The list is described as mixed target and is likely intended for credential stuffing against education-related services.
    Date: 2026-05-18T09:53:28Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-184-295-Lines-%E2%9C%85-Edu-education-Combolist-Mixed-Target
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  497. Website Defacement of shifamz.com by DimasHxR
    Category: Defacement
    Content: The website shifamz.com was defaced by a threat actor operating under the handle DimasHxR. The attacker targeted a readme.txt file on the domain, leaving a defacement marker. The incident was a single-target, non-mass defacement with no stated motive or team affiliation recorded.
    Date: 2026-05-18T09:53:15Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924607
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Shifamz
    Victim Site: shifamz.com
  498. Sale of mixed email credentials combo list
    Category: Combo List
    Content: A threat actor posted a mixed email and password combo list on a cracking forum. The post advertises the credentials as valid and private. No specific victim organization or record count was disclosed.
    Date: 2026-05-18T09:53:11Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-Valid-Mail-FA-Private-Mixed–2095640
    Screenshots:
    None
    Threat Actors: Phantom4T
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  499. Sale of Hotmail combo list with 10K credentials
    Category: Combo List
    Content: A threat actor shared a link to a combo list marketed as containing 10,000 valid Hotmail credentials. The list is being distributed via an external paste service. This is a credential stuffing resource, not a breach of Microsoft or Hotmail infrastructure.
    Date: 2026-05-18T09:52:57Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75643/
    Screenshots:
    None
    Threat Actors: Vmoon
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  500. Combo List targeting Hotmail accounts
    Category: Combo List
    Content: A threat actor is distributing what is claimed to be 10,000 high-quality valid Hotmail credentials. The list is marketed as a combolist of verified email and password pairs. No additional context or pricing information is available from the post.
    Date: 2026-05-18T09:52:48Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-10k-HQ-Hotmail-Valid-List
    Screenshots:
    None
    Threat Actors: VMMOON
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  501. Combo List targeting French email accounts
    Category: Combo List
    Content: A forum user is sharing a combo list marketed as French email account credentials. The content is hidden behind a registration or login wall, limiting visibility into the dataset's size or composition.
    Date: 2026-05-18T09:50:12Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%90france-mail-access-%E2%AD%90-303568
    Screenshots:
    None
    Threat Actors: XLM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  502. Sale of Uruguayan government doxing service leveraging alleged access to multiple government databases
    Category: Services
    Content: A threat actor operating under the PampaLeaks group is offering a paid doxing service targeting Uruguayan citizens, claiming access to multiple Uruguayan government databases including DNIC, ANTEL TuID Digital, CEIBAL, SUCIVE, UTU, ANEP, and primary education systems. The actor also claims real-time query access to unspecified government systems. The service is priced at $3–$15 USD per lookup payable in Bitcoin, and the actor references a confirmed cyberattack against ANTEL TuID Digital as con
    Date: 2026-05-18T09:45:46Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Selling-uruguay-doxing-service-Government-data-Citizens
    Screenshots:
    None
    Threat Actors: LaPampaLeaks
    Victim Country: Uruguay
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  503. Alleged data leak of Iraqi intelligence data
    Category: Data Leak
    Content: A threat actor has leaked what is claimed to be Iraqi intelligence data, with a compressed file size of 453 MB expanding to 3.5 GB upon decompression. The data was shared freely on a public forum. No further details about the specific organization or data contents were provided.
    Date: 2026-05-18T09:44:44Z
    Network: openweb
    Published URL: https://breached.st/threads/intelligence-data-2026.87298/unread
    Screenshots:
    None
    Threat Actors: karlsssaaa1
    Victim Country: Iraq
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  504. Website Defacement of Barjeel Group by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced the website of Barjeel Group, an Indian organization, by altering the readme.txt file hosted on the domain barjeelgroup.in. The attack was a targeted, single-site defacement with no team affiliation reported. No specific motive or server details were disclosed in connection with the incident.
    Date: 2026-05-18T09:41:30Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924577
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Barjeel Group
    Victim Site: barjeelgroup.in
  505. Alleged Discovery of Fast16 Malware: Advanced Sabotage Tool for Nuclear Weapons Simulation Software
    Category: Malware
    Content: Security researchers from Symantec and Carbon Black have disclosed a Lua-based malware named Fast16 allegedly developed to manipulate and sabotage nuclear weapons-related simulations. The malware targets simulation software including LS-DYNA and AUTODYN, designed to alter calculations related to material behavior under extreme pressure conditions. Researchers assess the tool may date back to the early 2000s and could represent one of the earliest advanced sabotage malware examples predating Stuxnet, suggesting a sophisticated, organized, and long-term operation.
    Date: 2026-05-18T09:35:03Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21786
    Screenshots:
    None
    Threat Actors: Unknown (suspected state-sponsored)
    Victim Country: Unknown
    Victim Industry: Nuclear weapons development/simulation
    Victim Organization: Unknown
    Victim Site: Unknown
  506. Combo list of 2.7 million URL:login:password credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 2.7 million URL, login, and password combinations. The content is hidden behind a registration or login requirement on the forum. No specific victim organization or targeted service is identified.
    Date: 2026-05-18T09:31:43Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%902-7-million-url-login-pass%E2%AD%90
    Screenshots:
    None
    Threat Actors: XLM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  507. Combo List of 2.7 million URL:login:password credentials
    Category: Combo List
    Content: A combo list containing approximately 2.7 million URL, login, and password combinations was shared on a cracking forum. The post appears to offer these credentials for free distribution. No specific victim organization or breach source is identified.
    Date: 2026-05-18T09:31:30Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%AD%902-7-MILLION-URL-LOGIN-PASS%E2%AD%90
    Screenshots:
    None
    Threat Actors: Posts
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  508. Alleged sale of compromised LinkedIn accounts with credentials and cookies
    Category: Initial Access
    Content: A threat actor is advertising bulk sales of compromised LinkedIn accounts in multiple quantity tiers (0-9 up to 500-10000+). The offer includes login credentials, 2FA bypass methods, and session cookies. The post targets Vietnamese sellers with competitive pricing. Contact is via Telegram @LinkedIn773.
    Date: 2026-05-18T09:14:20Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84131
    Screenshots:
    None
    Threat Actors: LinkedIn773
    Victim Country: Multiple
    Victim Industry: Technology/Social Media
    Victim Organization: LinkedIn
    Victim Site: linkedin.com
  509. Website Defacement of dmslib.com by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the website dmslib.com was defaced by a threat actor operating under the alias DimasHxR, acting independently without a known team affiliation. The defacement targeted a specific file path (readme.txt) rather than the site homepage, suggesting a targeted file modification. No specific motive or technical details regarding the server infrastructure were disclosed.
    Date: 2026-05-18T09:12:54Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924569
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: DMS Library
    Victim Site: dmslib.com
  510. Alleged sale of compromised LinkedIn accounts with credentials and 2FA cookies
    Category: Logs
    Content: A threat actor is offering bulk sales of compromised LinkedIn accounts with email login credentials, 2FA authentication, and session cookies. The seller claims to be from Vietnam and offers tiered pricing based on account quantity (0-9, 10-49, 50-99, 100-299, 300-499, 500-10000+). Contact is via Telegram @Rabid623.
    Date: 2026-05-18T09:12:21Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84129
    Screenshots:
    None
    Threat Actors: Rabid623
    Victim Country: United States
    Victim Industry: Technology/Social Media
    Victim Organization: LinkedIn
    Victim Site: linkedin.com
  511. Website Defacement of lrofia.com by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor operating under the alias DimasHxR defaced the website lrofia.com by altering a readme.txt file. The attacker acted independently without affiliation to a known group or team. No specific motive, proof of concept, or additional technical details were disclosed in relation to this incident.
    Date: 2026-05-18T09:10:08Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924563
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: lrofia.com
  512. CVE-2026-28956 — Multi-Use-After-Free Vulnerability in AppleJPEGXL (libjxl)
    Category: Vulnerability
    Content: A researcher published a detailed technical write-up for CVE-2026-28956, a multi-Use-After-Free (UAF) vulnerability in AppleJPEGXL (a wrapper over Google's libjxl). A specially crafted JPEG XL image with duplicate ISOBMFF jxlc (codestream) boxes causes premature deallocation of an internal std::vector, after which the destructor iterates over stale pointers and passes them to free(). The post includes a PoC file, IDA-decompiled call traces, exploitation primitives for arm64e, PAC bypass analysis
    Date: 2026-05-18T09:09:39Z
    Network: openweb
    Published URL: https://tier1.life/thread/242
    Screenshots:
    None
    Threat Actors: RedQueen
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Apple
    Victim Site: apple.com
  513. Sale of URL:Log:Pass combo list with 8+ million lines
    Category: Combo List
    Content: A threat actor is distributing a URL:Log:Pass combo list containing over 8 million lines, shared as free content on a combolist forum. This is part 349 of an ongoing series posted by the same user.
    Date: 2026-05-18T09:07:58Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-349
    Screenshots:
    None
    Threat Actors: lexityfr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  514. Combo List of 1.3K Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 1,300 Hotmail mail access credentials on a public forum. The post notes the data was previously distributed in closed groups 4–7 days prior to public release. Content is hidden behind a registration/login requirement.
    Date: 2026-05-18T09:07:41Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%9D%87%EF%B8%8F1-3k-hotmail-mail-access%E2%9D%87%EF%B8%8F%E2%9C%A8-17-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  515. Combo List targeting educational sector credentials
    Category: Combo List
    Content: A combo list containing approximately 102,689 email and password pairs targeting educational sector accounts has been shared on a cracking forum. The post markets the credentials as suitable for use against educational services. No specific victim organization or breach source is identified.
    Date: 2026-05-18T09:06:59Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-102-689-Good-Edu-Combolist
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  516. Sale of UHQ email combo list with 20,000 credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 20,000 email:password credentials marketed as ultra-high quality (UHQ) with valid mail access. The post offers the list to forum members, likely for credential stuffing or account takeover purposes.
    Date: 2026-05-18T09:06:38Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-X20K-UHQ-COMBOLIST-MAIL-ACCESS-VALID
    Screenshots:
    None
    Threat Actors: ChoDesign
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  517. Sale of Hotmail combo list with approximately 42,737 credentials
    Category: Combo List
    Content: A threat actor is selling a combo list marketed as containing approximately 42,737 UHQ Hotmail credentials. The listing advertises clean, verified, and regularly updated lines with subscription pricing starting at $10 per week. Payment is accepted in cryptocurrency.
    Date: 2026-05-18T09:06:11Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75639/
    Screenshots:
    None
    Threat Actors: Haydayx
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  518. Sale of UHQ email combo list with 12,000 credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 12,000 email and password credentials marketed as UHQ (ultra-high quality) with claimed mail access validity. The post was shared on a public cracking forum.
    Date: 2026-05-18T09:05:58Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-X12000-UHQ-COMBOLIST-MAIL-ACCESS-WORKING
    Screenshots:
    None
    Threat Actors: ChoDesign
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  519. Sale of 2 million MAIL:PASS combo list for VPN, SMTP, IMAP, and POP services
    Category: Combo List
    Content: A forum user is offering a combo list of 2 million mail:password credentials reportedly usable for VPN, SMTP, IMAP, and POP services. The list is advertised via Telegram channels, with free combo and tool resources also promoted.
    Date: 2026-05-18T09:05:54Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75640/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  520. Sale of Hotmail credential hits combo list
    Category: Combo List
    Content: A forum user is sharing approximately 800 fresh Hotmail credential hits, marketed as top quality and dated 18.05. The content is restricted to registered users of the forum.
    Date: 2026-05-18T09:05:37Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75641/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  521. Sale of UHQ email:password combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 9,000 email:password credential pairs, marketed as UHQ. The post was shared on a public cracking forum with a like-gate requirement.
    Date: 2026-05-18T09:05:16Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-X9000-Email-Password-COMBO-LIST-UHQ
    Screenshots:
    None
    Threat Actors: ChoDesign
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  522. Sale of email:password combo list (6,000 credentials)
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 6,000 email:password credential pairs, marketed as UHQ (ultra-high quality). The post is part of a multi-part series shared on a cracking forum.
    Date: 2026-05-18T09:04:36Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-X6K-Email-Password-COMBO-LIST-UHQ-PART-2
    Screenshots:
    None
    Threat Actors: ChoDesign
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  523. Chanhassen Dinner Theatres says cyber attack may affect upcoming performances
    Category: Cyber Attack
    Content: Chanhassen Dinner Theatres was forced to temporarily suspend certain performances due to a cyberattack detected on its computer network, which prompted the theater to take its systems offline as a precautionary measure. The organization is working diligently with external experts to restore services and reschedule the affected performances. Ticketholders for the affected shows will be contacted directly by phone or email for further details.
    Date: 2026-05-18T09:04:28Z
    Network: openweb
    Published URL: https://bringmethenews.com/minnesota-lifestyle/chanhassen-dinner-theatres-says-cyber-attack-may-affect-upcoming-performances
    Screenshots:
    None
    Threat Actors:
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Chanhassen Dinner Theatres
    Victim Site: chanhassendt.com
  524. Website defacement of leepoet.com by Mr. Hanz Xploit of Bekasi Eror System
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as Mr. Hanz Xploit, affiliated with the group Bekasi Eror System, defaced a subdomain of leepoet.com by deploying a defacement page at the URL nav.leepoet.com/HANZ.HTML. The incident was a targeted single-site defacement hosted on a cloud-based server. The attack was archived and mirrored via haxor.id, a known defacement tracking platform.
    Date: 2026-05-18T09:03:31Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249370
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit, Bekasi Eror System
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Leepoet
    Victim Site: nav.leepoet.com
  525. Mass Defacement of pureainav.com by Mr. Hanz Xploit of Bekasi Eror System
    Category: Defacement
    Content: On May 18, 2026, threat actor Mr. Hanz Xploit, affiliated with the Indonesian hacking group Bekasi Eror System, conducted a mass defacement attack targeting pureainav.com, a Linux-hosted website. The defacement was archived on haxor.id, a known mirror site for web defacements. This incident is part of a broader mass defacement campaign attributed to the same threat actor.
    Date: 2026-05-18T09:02:01Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249371
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit, Bekasi Eror System
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Purai Nav
    Victim Site: pureainav.com
  526. Alleged leak of mixed combo list distributed by OctoLogs
    Category: Combo List
    Content: A threat actor operating as OctoLogs shared a mixed combo list of 13,912 entries via a file-sharing link. The post references a Telegram channel advertising a recurring weekly credential leak service for $60. The dataset is labeled as part of a daily leak distribution associated with the FATETRAFFIC brand.
    Date: 2026-05-18T08:45:27Z
    Network: openweb
    Published URL: https://cracked.st/Thread-FATETRAFFIC-13912-MIX-17-05-2026
    Screenshots:
    None
    Threat Actors: OctoLogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  527. Alleged sale of RDP access to Azure, AWS, and DigitalOcean infrastructure with compromised email accounts
    Category: Initial Access
    Content: A threat actor is offering rental access to RDP servers hosted on Azure, AWS, and DigitalOcean cloud platforms on a daily/monthly basis for $200. The actor is also advertising the availability of compromised domain email accounts, Gmail, Yahoo accounts, GitHub Student accounts, ChatGPT Plus, Claude 20x Max Plan, and ElevenLabs Creator Plan accounts. Services are offered with escrow protection.
    Date: 2026-05-18T08:36:49Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84101
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  528. Alleged sale of web shell access with terminal capabilities
    Category: Initial Access
    Content: A threat actor is offering shell access for sale via direct message. The post indicates 1 directory with all green directory listing, GSC (likely web shell control panel) enabled, and terminal access active. Contact is via @person131.
    Date: 2026-05-18T08:27:48Z
    Network: telegram
    Published URL: https://t.me/c/3755871403/519
    Screenshots:
    None
    Threat Actors: person131
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  529. Website Defacement of Sklep Mutenice by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced a page on the Czech e-commerce website sklep-mutenice.cz. The attack targeted a specific page (b.html) rather than the homepage and was carried out as a single, targeted defacement. No team affiliation, stated motive, or technical details regarding the server environment were disclosed.
    Date: 2026-05-18T08:27:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924140
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Czech Republic
    Victim Industry: Retail/E-commerce
    Victim Organization: Sklep Mutenice
    Victim Site: sklep-mutenice.cz
  530. Combo list of 314K UK email:password credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 314,000 email:password credentials allegedly sourced from United Kingdom users. The list is being shared via Telegram channel and bot.
    Date: 2026-05-18T08:26:55Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-Email-Pass-314K-united-kingdom-uk-domainstre1
    Screenshots:
    None
    Threat Actors: Domainstore
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  531. Request for French hardware store email scraping resources
    Category: Chatter
    Content: A forum user is requesting resources to scrape and extract email addresses from French hardware stores (quincailleries), noting that emails are masked on public directories such as Societe.fr and PagesJaunes. The user is asking if a darknet directory exists with complete contact listings.
    Date: 2026-05-18T08:26:31Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/445439142bbd67d04bf3
    Screenshots:
    None
    Threat Actors: Luice18 🍼
    Victim Country: France
    Victim Industry: Retail
    Victim Organization: Unknown
    Victim Site: Unknown
  532. Sale of French email:password combo list
    Category: Combo List
    Content: A threat actor is selling a 17GB email:password combo list purportedly sourced from French (.fr) accounts, covering the period 2025–2026. The listing is priced at $350 and offered via Telegram.
    Date: 2026-05-18T08:26:26Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Sellix-Email-Pass-France-fr
    Screenshots:
    None
    Threat Actors: Domainstore
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  533. Website Defacement of Subtrendz by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced the website subtrendz.com by altering a readme.txt file. The attacker operated without an affiliated team, and no specific motive or technical details regarding the server environment were disclosed. The incident was a targeted single-site defacement with a mirror archived at zone-xsec.com.
    Date: 2026-05-18T08:26:14Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924153
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Subtrendz
    Victim Site: subtrendz.com
  534. Sale of UK email:password combo list
    Category: Combo List
    Content: A threat actor is selling an 11GB email:password combo list targeting United Kingdom accounts, marketed as covering the 2025-2026 period. The listing is priced at $250 and advertised via Telegram.
    Date: 2026-05-18T08:26:10Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Sellix-Sell-Email-Pass-UK
    Screenshots:
    None
    Threat Actors: Domainstore
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  535. Website Defacement of yttaaja.store by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor known as DimasHxR defaced the website yttaaja.store by altering a readme.txt file. The attack was an individual defacement, not part of a mass or coordinated campaign. No specific motivation or technical details regarding the server environment were disclosed.
    Date: 2026-05-18T08:24:51Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924152
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: E-commerce/Retail
    Victim Organization: Yttaaja Store
    Victim Site: yttaaja.store
  536. Google Ads click fraud service advertised on hacking forum
    Category: Services
    Content: A threat actor operating under the alias googleripple is advertising a Google Ads click fraud service on a hacking forum. The service claims to manipulate paid ad rankings by artificially clicking competitor ads. Contact is offered via a dedicated website and Telegram channel.
    Date: 2026-05-18T08:24:10Z
    Network: openweb
    Published URL: https://patched.to/Thread-nova-google-ads-clicker-%E2%AD%90-dominate-paid-ads-%E2%AD%90-always-first-position
    Screenshots:
    None
    Threat Actors: googleripple
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  537. Website Defacement of haredang.store by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced the website haredang.store by altering a readme.txt file. The attack was an individual defacement, not part of a mass or coordinated campaign. No specific motive or technical details regarding the server infrastructure were disclosed.
    Date: 2026-05-18T08:23:47Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924145
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: E-commerce/Retail
    Victim Organization: Haredang Store
    Victim Site: haredang.store
  538. Website Defacement of adam78.com by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor operating under the alias DimasHxR defaced a page on adam78.com (specifically adam78.com/b.html). The attacker acted independently without affiliation to a known group or team. No specific motive or server details were disclosed in connection with this incident.
    Date: 2026-05-18T08:22:02Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924141
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: adam78.com
  539. Website Defacement of Bright Stone Media LLC by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, threat actor DimasHxR defaced a page on the website of Bright Stone Media LLC, a US-based media company. The attacker targeted a specific subpage (b.html) rather than the homepage, indicating a targeted single-page defacement. No team affiliation, stated motive, or server details were disclosed in connection with this incident.
    Date: 2026-05-18T08:20:56Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924159
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: United States
    Victim Industry: Media and Communications
    Victim Organization: Bright Stone Media LLC
    Victim Site: brightstonemediallc.com
  540. Website Defacement of klipdrama.store by DimasHxR
    Category: Defacement
    Content: A threat actor identified as DimasHxR defaced the website klipdrama.store by altering the readme.txt file on May 18, 2026. The attacker operated independently without affiliation to a known team. The targeted domain suggests a media or entertainment platform, and the defacement was a single, non-mass incident.
    Date: 2026-05-18T08:18:52Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924147
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Entertainment/Media
    Victim Organization: Klipdrama
    Victim Site: klipdrama.store
  541. Website Defacement of bergerakpas.store by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor operating under the alias DimasHxR defaced the website bergerakpas.store, targeting a readme.txt file. The attacker acted independently without affiliation to a known group or team. The incident was a single targeted defacement with no mass or repeated defacement indicators observed.
    Date: 2026-05-18T08:17:58Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924143
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: E-Commerce/Retail
    Victim Organization: Bergerak Pas
    Victim Site: bergerakpas.store
  542. Website Defacement of smpbocil.pro by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced the website smpbocil.pro, targeting what appears to be an educational institution based on the domain naming convention SMP (a common Indonesian junior high school abbreviation). The defacement was a targeted single-site attack, modifying the readme.txt file as a proof of compromise. No team affiliation, stated motive, or technical details about the exploited vulnerability were disclosed.
    Date: 2026-05-18T08:15:50Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924150
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: SMP Bocil
    Victim Site: smpbocil.pro
  543. Alleged data leak of Changzhou Yaoli Electronic Technology Co., Ltd.
    Category: Data Leak
    Content: The threat actor group SnowSoul claims to have leaked database backup files belonging to Changzhou Yaoli Electronic Technology Co., Ltd. after the organization allegedly refused to pay a $1,000 USD ransom demand. The leaked data includes approximately 10GB of SQL database backups (.bak, .mdf, .ldf files) spanning CRM and other internal systems, made available via multiple external file-sharing links.
    Date: 2026-05-18T08:14:31Z
    Network: openweb
    Published URL: https://breached.st/threads/chinese-data-zhong-guo-shu-ju-snowsoul-id-1317-chang-zhou-yao-li-dian-zi-ke-ji-you-xian-gong-si.87297/unread
    Screenshots:
    None
    Threat Actors: 元帅*
    Victim Country: China
    Victim Industry: Technology
    Victim Organization: Changzhou Yaoli Electronic Technology Co., Ltd.
    Victim Site: Unknown
  544. Website Defacement of VS Group Moscow by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced a page on vs-group-msk.ru, a Russian domain likely associated with a Moscow-based organization or business. The attack targeted a specific subpage (b.html) rather than the homepage, indicating a targeted page defacement. The attacker operated independently without affiliation to any known hacking team.
    Date: 2026-05-18T08:07:44Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924135
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: VS Group Moscow
    Victim Site: vs-group-msk.ru
  545. Website Defacement of Specimpex by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced a page on specimpex.com, specifically targeting the file b.html. The attacker operated independently without affiliation to a known team. No specific motive or technical details regarding the server environment were disclosed in connection with this incident.
    Date: 2026-05-18T08:05:00Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924139
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Specimpex
    Victim Site: specimpex.com
  546. Website Defacement of Giala Travel by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced a page on gialatravel.com, a travel-related website. The incident was a targeted single-page defacement, not classified as a mass or home page defacement. No team affiliation, stated motive, or technical server details were disclosed in connection with this attack.
    Date: 2026-05-18T08:02:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924138
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Travel and Tourism
    Victim Organization: Giala Travel
    Victim Site: gialatravel.com
  547. Website Defacement of Slenderify by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the website slenderify.com was defaced by threat actor DimasHxR, targeting a specific page (b.html). The attacker operated independently without affiliation to a known group. No specific motive or technical details regarding the server infrastructure were disclosed in connection with this incident.
    Date: 2026-05-18T08:01:36Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924137
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Health and Wellness
    Victim Organization: Slenderify
    Victim Site: slenderify.com
  548. Website Defacement of Yellow Sofa by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced a page on yellow-sofa.ru, a Russian furniture retail website. The attack targeted a specific subpage (b.html) rather than the homepage, indicating a non-mass, targeted defacement. No team affiliation, stated motive, or technical server details were disclosed in association with this incident.
    Date: 2026-05-18T08:00:21Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924136
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Russia
    Victim Industry: Retail / Furniture
    Victim Organization: Yellow Sofa
    Victim Site: yellow-sofa.ru
  549. Combo list of 974,634 lines targeting social and shopping platforms
    Category: Combo List
    Content: A threat actor shared a combo list of 974,634 email:password lines on a cracking forum, marketed as suitable for credential stuffing against social media and shopping platforms.
    Date: 2026-05-18T08:00:16Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-974-634-Lines-%E2%9C%85-Goods-For-Social-and-Shopping-Target-LEaks-2026
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  550. Sale of discounted subscription accounts for multiple premium services
    Category: Services
    Content: A threat actor is selling discounted premium subscriptions for multiple platforms including ChatGPT, ElevenLabs, Deezer, and others at below-market prices. The accounts are offered as private or upgraded accounts with warranties, suggesting they may be obtained through unauthorized means. Sales are facilitated via an automated storefront and Telegram channel.
    Date: 2026-05-18T07:59:48Z
    Network: openweb
    Published URL: https://cracked.st/Thread-CHEAPEST-Deezer-Elevenlabs-Lovable-Warp-dev-Bolt-new-Chatgpt-Picsart-Wispr
    Screenshots:
    None
    Threat Actors: Brave_Heart
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  551. Alleged data breach of evolveyourenglish.com
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged database dump from evolveyourenglish.com, claiming approximately 700,000 records. Sample data includes full names, phone numbers, email addresses, cities, and CRM-related fields such as campaign codes and agent assignments, with records appearing to originate from Colombia. The seller is directing interested buyers to a Telegram channel for purchase.
    Date: 2026-05-18T07:58:33Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-evolveyourenglish-com-Database-Spain-700K
    Screenshots:
    None
    Threat Actors: Sensitive2025
    Victim Country: Spain
    Victim Industry: Education
    Victim Organization: Evolve Your English
    Victim Site: evolveyourenglish.com
  552. Combo list targeting Micronesia with 14K+ email:password credentials
    Category: Combo List
    Content: A threat actor shared a combo list of over 14,000 email:password credentials purportedly associated with Micronesia, marketed as fresh and dated 18-5-2026. The content is hidden behind a registration/login wall on the forum.
    Date: 2026-05-18T07:58:26Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A6%E2%9C%A6-14-k-%E2%9C%A6-micronesia-%E2%9C%A6email-pass%E2%9C%A6fresh%E2%9C%A6-18-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  553. Lithuania Email:Pass Combo List (12K+)
    Category: Combo List
    Content: A combo list containing over 12,000 email:password credential pairs associated with Lithuanian accounts has been shared on a forum. The credentials are marketed as fresh, dated 18-5-2026. Content is gated behind registration or login.
    Date: 2026-05-18T07:58:09Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A6%E2%9C%A6-12-k-%E2%9C%A6-lithuania-%E2%9C%A6email-pass%E2%9C%A6fresh%E2%9C%A6-18-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Lithuania
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  554. Combo List of Kenyan email:password credentials
    Category: Combo List
    Content: A threat actor is freely sharing a combo list of approximately 14,000 email and password pairs purportedly associated with Kenyan users. The credentials are marketed as fresh and high quality, dated May 18, 2026.
    Date: 2026-05-18T07:40:10Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-14-K-%E2%9C%A6-Kenya-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-18-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: t4ctici4n
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  555. Mexico email:password combo list of 114K credentials
    Category: Combo List
    Content: A combo list of approximately 114,000 email:password credentials associated with Mexico was shared on a combolist forum. The content is gated behind registration or login. The credentials are marketed as fresh, dated 18-05-2026.
    Date: 2026-05-18T07:38:16Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A6%E2%9C%A6-114-k-%E2%9C%A6-mexico-%E2%9C%A6email-pass%E2%9C%A6fresh%E2%9C%A6-18-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  556. Malaysia email:password combo list with 39K+ credentials
    Category: Combo List
    Content: A combo list containing over 39,000 email:password credential pairs attributed to Malaysian accounts has been shared on a forum. The credentials are marketed as fresh, dated 18-5-2026. Content is gated behind forum registration or login.
    Date: 2026-05-18T07:38:00Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A6%E2%9C%A6-39-k-%E2%9C%A6-malaysia-%E2%9C%A6email-pass%E2%9C%A6fresh%E2%9C%A6-18-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  557. Combo list targeting Montenegro with 37K+ email:password credentials
    Category: Combo List
    Content: A threat actor shared a combo list of over 37,000 email:password credentials purportedly associated with Montenegro users, marketed as fresh and dated 18-5-2026. The content is hidden behind a registration/login wall on the forum.
    Date: 2026-05-18T07:37:43Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A6%E2%9C%A6-37-k-%E2%9C%A6-montenegro-%E2%9C%A6email-pass%E2%9C%A6fresh%E2%9C%A6-18-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  558. Combo list of Latvian email:password credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 37,000 email:password credentials purportedly associated with Latvian accounts, marketed as fresh and dated May 18, 2026. The content is gated behind forum registration or login.
    Date: 2026-05-18T07:37:24Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A6%E2%9C%A6-37-k-%E2%9C%A6-latvia-%E2%9C%A6email-pass%E2%9C%A6fresh%E2%9C%A6-18-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Latvia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  559. Sale of Telegram mass account registration and automation software
    Category: Services
    Content: A seller is advertising MVS Web, a desktop application designed for mass registration, verification, and automation of Telegram accounts. The software emulates iOS and Android platforms with CAPTCHA processing, device fingerprinting, and account warm-up capabilities. The seller provides links to their website, Telegram contact, and documentation.
    Date: 2026-05-18T07:20:11Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75636/
    Screenshots:
    None
    Threat Actors: lolzika
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  560. Free release of Hotmail credential hits combo list
    Category: Combo List
    Content: A threat actor shared a combo list of 1,491 Hotmail credential hits, marketed as premium and valid. The list is described as private cloud with mixed mail formats and is made available for free download.
    Date: 2026-05-18T07:13:38Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1491x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2295089
    Screenshots:
    None
    Threat Actors: Xdalphaaa
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  561. Alleged illegal hacking services advertisement
    Category: Cyber Attack
    Content: A threat actor is advertising various illegal services, including account hacking (Telegram, iCloud, Snapchat, Email, LinkedIn, Reddit), mobile phone hacking, website hacking, IP camera compromise, and stolen funds recovery. Contact handle provided: @sureciphern__
    Date: 2026-05-18T07:11:07Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84074
    Screenshots:
    None
    Threat Actors: CIPHERN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  562. Alleged sale of fresh database access and inbox credentials across multiple countries
    Category: Combo List
    Content: Threat actor Num is advertising fresh database access and inbox credentials for multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT), with a focus on e-commerce platforms (eBay, OfferUp, Amazon, Walmart, Poshmark, Alibaba, Mercari, Kleinanzeigen) and payment services (PSN, Booking, Uber, Neosurf). The actor claims to own private cloud infrastructure with valid webmail access, offers keyword-based searches, and asks for direct messages for specific requests.
    Date: 2026-05-18T07:04:29Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84059
    Screenshots:
    None
    Threat Actors: Num
    Victim Country: Unknown
    Victim Industry: E-commerce, Payment Services, Webmail
    Victim Organization: Unknown
    Victim Site: Unknown
  563. Alleged Advanced Backdoor FireStarter Discovered in Cisco Firewalls
    Category: Vulnerability
    Content: Security researchers have identified a malware called FireStarter capable of persisting at the firmware level of Cisco firewalls, remaining active even after device reboot or security updates. The backdoor reportedly targeted a U.S. federal agency in the past year, providing attackers with long-term access and control of network equipment. Experts warn that firmware-level persistence bypasses standard security processes and patch installations, creating significant trust issues for network infrastructure.
    Date: 2026-05-18T07:02:35Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21778
    Screenshots:
    None
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  564. Sale of Hotmail combo list with 122 credentials
    Category: Combo List
    Content: A threat actor is offering a combo list of 122 Hotmail credentials via a download link and Telegram channel. The post advertises tiered subscription pricing suggesting an ongoing credential-stuffing or account-checking service.
    Date: 2026-05-18T06:49:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75634/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  565. Combo list mix shared on forum by user Stevee36
    Category: Combo List
    Content: A user identified as Stevee36 shared a combo list described as an HQ mix containing approximately 1,617 credential pairs on a public forum. The content is hidden behind a registration or login wall. No specific victim organization or targeted service is identified.
    Date: 2026-05-18T06:49:00Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-x1617-hq-mix-%E2%9A%A1%E2%9A%A1-by-stevee36-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: stevee
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  566. Combo list of 16,000 valid mail access credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 16,000 claimed valid mail access credentials on a cracking forum. No additional details about the source or targeted services are available from the post content.
    Date: 2026-05-18T06:44:51Z
    Network: openweb
    Published URL: https://cracked.st/Thread-16k-Full-MailAccess-Valid
    Screenshots:
    None
    Threat Actors: private_crew
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  567. Sale of Kick.com automation tool offering account generation, followers, chat, and viewer services
    Category: Services
    Content: A forum post advertises KickAIO, an automation tool targeting the Kick.com platform, offering services including account generation, followers, chat automation, and viewer inflation. The tool is marketed with a free trial and is HTTP-based. The service is offered via ascendbot.net.
    Date: 2026-05-18T06:44:23Z
    Network: openweb
    Published URL: https://cracked.st/Thread-KickAIO-Tool-FREE-TRIAL-Acc-Gen-Follows-Chat-Viewers-HTTP-Based
    Screenshots:
    None
    Threat Actors: OneManArmy19
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  568. Alleged defacement of apophislights.com by C10F/X404
    Category: Defacement
    Content: Indonesian defacer group C10F/X404 claims to have defaced en.apophislights.com, with multiple URLs provided showing various defaced pages including error pages, readme, and verification files.
    Date: 2026-05-18T06:43:03Z
    Network: telegram
    Published URL: https://t.me/c/3755871403/517
    Screenshots:
    None
    Threat Actors: C10F
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Apophis Lights
    Victim Site: apophislights.com
  569. Alleged Hacking Services Advertisement – Multiple Illegal Services Offered
    Category: Cyber Attack
    Content: A user is advertising hacking services including Telegram account hacking, mobile phone hacking, website hacking, iCloud hacking, email hacking, stolen funds recovery, and social media account rental/hacking. Contact is provided via the Telegram handle @sureciphern.
    Date: 2026-05-18T06:38:00Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84051
    Screenshots:
    None
    Threat Actors: sureciphern
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  570. Alleged sale of RDP access and compromised cloud accounts
    Category: Initial Access
    Content: A threat actor is offering rental of RDP access to Azure, AWS, and DigitalOcean infrastructure on a daily/monthly basis for $200. The actor is also advertising stolen domain email accounts, Gmail and Yahoo accounts, GitHub Student accounts, and unauthorized access to ChatGPT Plus, Claude, and ElevenLabs Creator Plan accounts. The service includes escrow protection.
    Date: 2026-05-18T06:36:00Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/84043
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Technology/Cloud Services
    Victim Organization: Unknown
    Victim Site: Unknown
  571. Combo List of 907 Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 907 purportedly valid Hotmail credentials, marketed with a date of 17.05.2026. The content is hidden behind a registration/login wall on the forum.
    Date: 2026-05-18T06:30:52Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%90%B0907-hotmail-valid-access-17-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  572. Combo List targeting Hotmail with 1,341 valid credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 1,341 claimed valid Hotmail credentials, dated May 17, 2026. The content is gated behind registration or login on the forum. No details on data origin or collection method are provided.
    Date: 2026-05-18T06:30:36Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%90%B01341-hotmail-valid-access-17-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  573. Combo List: 16K Valid Mixed Credentials
    Category: Combo List
    Content: A forum user shared a combo list advertised as containing 16,000 valid mixed credentials. The content is hidden behind a registration or login wall. No specific victim organization or targeted service is identified.
    Date: 2026-05-18T06:30:04Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A816k-valid-mix%E2%9C%A8
    Screenshots:
    None
    Threat Actors: mental2027
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  574. Sale of discounted Amp AI Coding Assistant subscriptions
    Category: Services
    Content: A forum seller is offering Amp AI Coding Assistant one-year subscriptions at a discounted price of $50, compared to the stated retail price of $180. Orders are fulfilled via direct message. The nature of the discounted access (e.g., shared, cracked, or resold accounts) is not specified in the post.
    Date: 2026-05-18T06:21:35Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90%E2%AD%90Amp-%E2%80%93-AI-Coding-Assistant-1-Year-understand-any-code-fast-%E2%9A%A1%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  575. Sale of premium streaming service accounts including Spotify, Pornhub, Max, and Starz
    Category: Services
    Content: A forum seller operating under the brand Rexon.cc is advertising premium accounts for streaming services including Spotify, Pornhub, Max, and Starz with auto-renew functionality. The post promotes a commercial account-selling service rather than a specific breach or leak.
    Date: 2026-05-18T06:21:17Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%AD%90-ACCOUNTS-PREMIUM-%E2%AD%90-%E2%9A%A1%EF%B8%8F-AUTO-RENEW-%E2%9A%A1%EF%B8%8F-SPOTIFY-%E2%9A%A1-PORNHUB-%E2%9A%A1-MAX-%E2%9A%A1%EF%B8%8F-STARZ-%E2%9A%A1%EF%B8%8F-REXON-CC
    Screenshots:
    None
    Threat Actors: Heldan
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: rexon.cc
  576. Forum inquiry about purchasing stolen cryptocurrency
    Category: Chatter
    Content: A self-identified new user posted a question on the DarkNetMarkets Dread forum asking whether stolen bitcoins can be purchased and requesting referrals to active marketplaces. No specific threat actor, victim, or operational content is present in the post.
    Date: 2026-05-18T06:20:40Z
    Network: tor
    Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/48e3436d97a62ff1a373
    Screenshots:
    None
    Threat Actors: borobp 🍼
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  577. Free combo list targeting German web and GMX email services
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 3.3 million credentials purportedly targeting German web and GMX email services. The list is being shared freely via Telegram channels. No specific breached organization is identified.
    Date: 2026-05-18T06:02:15Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75630/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  578. Combo List distribution of URL:Log:Pass credentials with 7.25 million lines
    Category: Combo List
    Content: A threat actor on a cracking forum is distributing a URL:Log:Pass combo list containing approximately 7.25 million lines. The post provides minimal detail beyond the line count and a greeting. The dataset appears to be aggregated credentials intended for credential stuffing use.
    Date: 2026-05-18T06:01:37Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-The-best-Url-Log-Pass-7-253-955-M%C4%B1ll%C4%B1on-L%C4%B1nes
    Screenshots:
    None
    Threat Actors: StarLinkClub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  579. Distribution of URL:Log:Pass combo list with 7.25 million lines
    Category: Combo List
    Content: A threat actor on a leak forum has shared a URL:Log:Pass combo list containing approximately 7.25 million lines. The content is hidden behind a registration/login wall. No specific victim organization or targeted service is identified.
    Date: 2026-05-18T06:01:33Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-The-best-Url-Log-Pass-7-253-955-M%C4%B1ll%C4%B1on-L%C4%B1nes
    Screenshots:
    None
    Threat Actors: Max095
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  580. Combo List targeting mixed-country gaming services
    Category: Combo List
    Content: A combo list containing approximately 1.28 million email and password pairs has been shared on a cracking forum, marketed as targeting gaming services across multiple countries. The dataset is described as mixed-country and appears intended for credential stuffing against gaming platforms.
    Date: 2026-05-18T06:00:30Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-281-766-Mixed-Country-Gaming-Target
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: Unknown
  581. Sale of Gmail combo list with 30,000 credentials
    Category: Combo List
    Content: A threat actor is offering a combo list of 30,000 Gmail credentials on a cracking forum. The list is described as private. No additional details are available from the post content.
    Date: 2026-05-18T05:59:36Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-30k-Gmail-Private-Combolist
    Screenshots:
    None
    Threat Actors: BygBB
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  582. Sale of discounted Autodesk software subscriptions
    Category: Services
    Content: A forum user is offering Autodesk Professional Design Suite one-year subscriptions for $25, significantly below the retail price. The post advertises access to multiple Autodesk products including AutoCAD, Revit, and Maya, with buyers instructed to DM for access. This is likely resale of unauthorized or compromised Autodesk account access.
    Date: 2026-05-18T05:58:20Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-Autodesk-%E2%80%93-Professional-Design-Suite-1-Year
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  583. Sale of Hostinger Startup Web Hosting Plan at Discounted Price
    Category: Services
    Content: A forum seller is offering a one-year Hostinger Startup Plan web hosting subscription for $70, advertised at a discount from the $300 retail price. The seller promotes features such as NVMe storage, free domain, SSL, and daily backups, and instructs buyers to DM for access. This appears to be a resale or unauthorized distribution of a commercial hosting plan.
    Date: 2026-05-18T05:57:26Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8FHostinger-Startup-Plan-%E2%80%93-Web-Hosting-1-Year-%E2%9A%A1%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  584. Sale of discounted LinkedIn Sales Navigator and Career Plan subscriptions
    Category: Services
    Content: A forum seller is offering discounted LinkedIn Sales Navigator and Career Plan subscriptions at $25/month and $50/year respectively, claiming significant savings over retail pricing. The seller instructs interested buyers to send a direct message to receive access. The nature of the access (e.g., compromised accounts, shared subscriptions, or resold licenses) is not specified in the post.
    Date: 2026-05-18T05:55:37Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9A%A1LinkedIn-%E2%80%93-Sales-Navigator-Career-1-Year-find-exact-decision-makers%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  585. Sale of Hotmail combo list with fresh credentials
    Category: Combo List
    Content: A forum user is distributing a combo list containing approximately 144,480 Hotmail credentials marketed as fresh. The post was shared on a public cracking forum and requests users to like the post.
    Date: 2026-05-18T05:36:05Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%A8-14448X-Fresh-Hotmails
    Screenshots:
    None
    Threat Actors: marckyyz
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  586. Sale of Mixed Country Yahoo.com Combo List with 1.75 Million Lines
    Category: Combo List
    Content: A threat actor on a cracking forum is distributing a combo list of approximately 1.75 million email:password lines targeting Yahoo.com accounts. The list is described as mixed-country and marketed for use in 2026. No further details are available as the post content is empty.
    Date: 2026-05-18T05:35:46Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-753-805-Lines-%E2%9C%85-Mixed-Country-Yahoo-com-COmbolist-2026
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  587. Sale of URL:Log:Pass combo list with 27.86 million records via Daxus.pro
    Category: Logs
    Content: A threat actor operating under the alias Daxus is distributing a URL:LOG:PASS dataset containing approximately 27.86 million records, advertised as UHQ (ultra-high quality) stealer log output. The content is made available via a hidden link on the forum, with a full database offered through their commercial service at Daxus.pro and an associated Telegram channel.
    Date: 2026-05-18T05:35:35Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-27-86-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F
    Screenshots:
    None
    Threat Actors: Daxus
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  588. Sale of compromised TradingView Premium accounts
    Category: Carding
    Content: A threat actor is offering access to compromised TradingView Premium accounts, providing credentials including ID, password, and email login access for a 30-day period with a replacement warranty. The accounts are being sold via direct message at an undisclosed price, consistent with account takeover reselling activity.
    Date: 2026-05-18T05:35:03Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-TradingView-Premium-%E2%80%94-1-Month-Access-Available
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: TradingView
    Victim Site: tradingview.com
  589. Sale of Backblaze Personal Backup subscription access on cracking forum
    Category: Services
    Content: A forum seller is offering Backblaze Personal Backup subscriptions with unlimited cloud storage for one year at $60, activated on the buyer's own email. The listing appears to involve resale of likely unauthorized or fraudulently obtained subscription access.
    Date: 2026-05-18T05:34:45Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90%E2%AD%90Backblaze-Personal-Backup-%E2%80%93-Unlimited-Storage-1-Year-60-%E2%9A%A1%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  590. Sale of discounted Rezi AI subscription access on cracking forum
    Category: Services
    Content: A forum seller is offering Rezi AI ATS Resume Builder one-year subscriptions at $20, discounted from the retail price of $96. The post advertises access delivered via DM and claims limited availability. This appears to be resale of potentially unauthorized or cracked account access to the legitimate Rezi AI platform.
    Date: 2026-05-18T05:34:26Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9A%A1%E2%9A%A1%E2%9A%A1-Rezi-AI-%E2%80%93-ATS-Resume-Builder-1-Year-Zero-callbacks-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  591. Sale of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list advertised as 5,000 high-quality Hotmail credential hits. The content is gated behind forum registration or login. These credentials are likely sourced from prior breaches and tested against Hotmail accounts.
    Date: 2026-05-18T05:33:34Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-5k-hq-hotmail-hit-%E2%9C%85-303530
    Screenshots:
    None
    Threat Actors: RetroCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  592. Sale of Pro Marketing Tool Pack
    Category: Services
    Content: A forum post advertises a Pro Marketing Tool Pack by ucv, shared as hidden content requiring registration or login to access. No specific victim, dataset, or threat details are disclosed in the visible portion of the post.
    Date: 2026-05-18T05:19:16Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Pro-Marketing-TOOL-Pack-by-ucv
    Screenshots:
    None
    Threat Actors: Nexa
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  593. Alert: Hidden content post with no visible threat data
    Category: Alert
    Content: A post on a leak forum advertises free 500GB pCloud storage, but the content is hidden behind a login/register gate. No threat-relevant information is visible in the post.
    Date: 2026-05-18T05:18:56Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-500GB-PCLOUD-STORAGE-FREE
    Screenshots:
    None
    Threat Actors: Nexa
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  594. Sale of xia Undetected DLL Stealer with Runtime and Scantime Evasion
    Category: Malware
    Content: A threat actor is selling a DLL-based information stealer named xia, advertised as fully undetected at both scan time and runtime via DLL sideloading. The stealer targets browser credentials, cookies, credit cards, autofill data, and 25 cryptocurrency wallet extensions, and includes features such as a Ring-3 rootkit, UAC bypass, persistence, anti-VM/anti-debug, and Discord webhook exfiltration. The malware is under 500KB and supports Windows 10 and 11.
    Date: 2026-05-18T05:08:11Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-MALWARE-xia-Full-Undetected-Stealer-Scantime-Runtime
    Screenshots:
    None
    Threat Actors: kandricklamar
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  595. Alleged data breach of ManoMano
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged database dump from ManoMano, a French online home improvement and gardening marketplace. The post includes a contact session ID, suggesting direct negotiation is required. No record count or sample data was provided in the post.
    Date: 2026-05-18T05:07:17Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-manomano-com
    Screenshots:
    None
    Threat Actors: Saikaa
    Victim Country: France
    Victim Industry: Retail
    Victim Organization: ManoMano
    Victim Site: manomano.com
  596. Combo List of Hotmail Credentials (5,197 Records)
    Category: Combo List
    Content: A threat actor shared a combo list of 5,197 Hotmail email and password pairs on a public forum. The credentials are marketed as valid hits and were posted with an image link as proof. This is a credential stuffing list, not a breach of Hotmail/Microsoft infrastructure.
    Date: 2026-05-18T04:50:55Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-5-197-Good-HOTMAIL-GOODS-18-05-26
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  597. Free combo list with 1,000 valid credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 1,000 valid credentials via an external paste link. No specific victim organization or targeted service was identified in the post.
    Date: 2026-05-18T04:45:02Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75628/
    Screenshots:
    None
    Threat Actors: COYYT
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  598. Hotmail credential combo list shared on cracking forum
    Category: Combo List
    Content: A threat actor known as D4rkNetHub has shared a combo list of approximately 5,197 Hotmail credentials on a cracking forum. The content is gated behind registration, with a preview image hosted externally. These credentials are likely intended for credential stuffing against Hotmail/Microsoft accounts.
    Date: 2026-05-18T04:44:44Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75629/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  599. Combo List targeting Hotmail mail access
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 884 Hotmail mail access credentials, described as old data previously shared in closed groups 4–7 days before public release. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-18T04:31:31Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%9D%87%EF%B8%8Fx884-hotmail-mail-access%E2%9D%87%EF%B8%8F%E2%9C%A8-17-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  600. Free South Korea Email Combo List (Batch 46/100)
    Category: Combo List
    Content: A threat actor is freely distributing a batch of South Korean email credentials as part of a series of 100 releases. The content is hidden behind a registration/login wall on the forum. No specific victim organization or record count is disclosed.
    Date: 2026-05-18T04:31:15Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-46-100
    Screenshots:
    None
    Threat Actors: emaildbpro
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  601. Alleged sale of compromised credentials, cookies database, and RDP access across multiple countries
    Category: Initial Access
    Content: Threat actor offering full access to mailpass and cookies database covering UK, DE, JP, NL, BR, PL, ES, US, IT with inbox searching capabilities for popular platforms (eBay, Offerup, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Mercari). Also offering RDP rental for Azure, AWS, and DigitalOcean infrastructure, domain email accounts (Gmail, Yahoo), GitHub Student accounts, and various subscription services (ChatGPT Plus, Claude, ElevenLabs Creator Plan). Escrow service available.
    Date: 2026-05-18T04:23:30Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/83990
    Screenshots:
    None
    Threat Actors: Squad Chat Marketplace
    Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
    Victim Industry: Multiple (e-commerce, cloud services, email providers)
    Victim Organization: Unknown
    Victim Site: Unknown
  602. Combo List: Fresh Hotmail Credentials Marketed for Gaming Platform Access
    Category: Combo List
    Content: A threat actor is distributing a combo list of 122 Hotmail credentials described as fresh and private. The list is marketed for use against gaming platforms including Fortnite, Minecraft, Valorant, Steam, and Rockstar. Content is hidden behind registration or login on the forum.
    Date: 2026-05-18T04:19:01Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-122x-%E2%AD%90%E2%AD%90-FRESH-HQ-HOTMAIL-%E2%AD%90%E2%AD%90-FORNITE-MINECRAFT-VALORANT-STEAM-ROCKSTAR-%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: KiwiShio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  603. Hotmail combo list publicly released after private group distribution
    Category: Combo List
    Content: A threat actor shared a Hotmail credential combo list on a public forum, claiming the data was first distributed in private closed groups 4–7 days prior. The post is labeled as old data and marketed as VIP Cloud access credentials.
    Date: 2026-05-18T03:57:41Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8%E2%9D%87%EF%B8%8FX892-HOTMAIL-MAIL-ACCESS%E2%9D%87%EF%B8%8F%E2%9C%A8-17-05
    Screenshots:
    None
    Threat Actors: SecureTrax
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  604. Sale of Surfshark VPN Premium Access
    Category: Services
    Content: A forum user is advertising Surfshark VPN premium access for a 2-month period, delivered via email. No further details are available from the post content.
    Date: 2026-05-18T03:57:04Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8FSurfshark-VPN-%E2%80%94-2-Months-Premium-Available-in-your-email-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  605. Sale of mixed combo list with 83K credentials
    Category: Logs
    Content: A forum user is distributing a mixed combo list advertised as containing approximately 83,000 valid credentials. The post is described as fresh and valid. No specific victim organization or service is identified.
    Date: 2026-05-18T03:56:55Z
    Network: openweb
    Published URL: https://xforums.st/threads/83k-mixed-valid-fresh-combolist.615220/
    Screenshots:
    None
    Threat Actors: VegaMoon
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  606. Sale of mixed mail access combo list
    Category: Combo List
    Content: A forum user is sharing a mixed mail access combo list as hidden content, requiring registration or login to view. No details on record count, sources, or specific mail providers are provided in the visible post.
    Date: 2026-05-18T03:56:31Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-Mail-access-valid-mixed
    Screenshots:
    None
    Threat Actors: AlexHard
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  607. Alleged data leak related to UPL Chile
    Category: Data Leak
    Content: A forum post references content related to UPL Chile shared on a leak forum. The actual content is hidden behind a login/registration wall, preventing assessment of data type or record count.
    Date: 2026-05-18T03:55:18Z
    Network: openweb
    Published URL: https://patched.to/Thread-upl-chile
    Screenshots:
    None
    Threat Actors: Hxleyys
    Victim Country: Chile
    Victim Industry: Unknown
    Victim Organization: UPL Chile
    Victim Site: Unknown
  608. Sale of UHQ Hotmail combo list
    Category: Combo List
    Content: A threat actor is sharing a combo list of 1,344 claimed valid Hotmail credentials on a cybercrime forum. The post advertises the list as UHQ (ultra-high quality) and includes a mix of valid accounts. Content is hidden behind a registration or login requirement.
    Date: 2026-05-18T03:54:36Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-x1344-valid-uhq-hotmail-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Roronoa04
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  609. Combo List of French and Italian Mail Access Credentials
    Category: Combo List
    Content: A threat actor known as TraxGod is distributing a combo list of approximately 1,800 mixed mail access credentials targeting French and Italian accounts. The data is described as previously shared in private groups 4–7 days before public release.
    Date: 2026-05-18T03:54:08Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%9D%87%EF%B8%8F1-8k-fr-it-mail-access-mix%E2%9D%87%EF%B8%8F%E2%9C%A8-17-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  610. Alleged sale of Hotmail UHQ credentials and combolists across multiple countries
    Category: Combo List
    Content: Seller offering private cloud Hotmail UHQ (Ultra High Quality) credentials and combolists for multiple countries including DE, FR, IT, BR, UK, US, JP, PL, RU, ES, NL, MX, CA, SP, SG. Also advertising access to kleinanzeigen, eBay, Reddit, Poshmark, Depop, Walmart, and Amazon credentials. Seller claims ability to check keywords for serious buyers only.
    Date: 2026-05-18T03:40:29Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/83957
    Screenshots:
    None
    Threat Actors: Wěilóng
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: hotmail.com, kleinanzeigen.de, ebay.com, reddit.com, poshmark.com, depop.com, walmart.com, amazon.com
  611. Alleged sale of private cloud Hotmail credentials and geo-specific combolist database
    Category: Combo List
    Content: Threat actor offering access to a private cloud database containing high-quality Hotmail credentials and country-specific datasets. Available regions include FR, IT, BR, UK, US, JP, PL, RU, ES, MX, CA, SP, SG and others. Seller claims to have access to premium Hotmail data and associated platform credentials (Walmart, eBay, Kleinanzeigen, Uber, Poshmark). Serious buyers only, custom keyword checking offered.
    Date: 2026-05-18T03:36:26Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/83967
    Screenshots:
    None
    Threat Actors: Yhōu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: hotmail.com, walmart.com, ebay.com, uber.com, poshmark.com
  612. Sale of stolen payment cards and bank logs with cashout services
    Category: Carding
    Content: A threat actor is advertising stolen credit cards and bank logs along with cashout services converting funds to CashApp and cryptocurrency. Services offered include bank log-to-crypto conversions, PayPal-to-crypto, and CC-to-CashApp transfers. The post directs interested parties to an external contact link for walkthroughs and transactions.
    Date: 2026-05-18T03:32:06Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-Linkable-Ccs-Bank-logs-Slips–2295078
    Screenshots:
    None
    Threat Actors: Spoonkie
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  613. Sale of Yahoo combo list with 531K lines
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 531,712 lines marketed as Good Leaks Yahoo 2026. The content is gated behind a reply requirement. Yahoo is referenced as the credential target, not as the breach victim.
    Date: 2026-05-18T03:26:19Z
    Network: openweb
    Published URL: https://altenens.is/threads/531-712-lines-check-mark-button-good-leaks-yahoo-2026.2942234/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  614. Sale of 912K URL:LOG:PASS combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 912,000 URL:login:password credential pairs, marketed as private. Access to the content requires engagement with the post.
    Date: 2026-05-18T03:25:53Z
    Network: openweb
    Published URL: https://altenens.is/threads/912k-napoleon-corp-up-467-url-log-pass-private.2942235/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  615. 3 Million UHQ Email:Password Combo List
    Category: Combo List
    Content: A threat actor has shared a combo list of approximately 3 million email:password lines via a file-sharing link, marketed as UHQ (ultra-high quality) and fresh. The post includes a download link hosted on gofile.io.
    Date: 2026-05-18T02:59:06Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-3-MILLION-UHQ-LINES-FRESH-BY-SNOW-CLOUD–2095556
    Screenshots:
    None
    Threat Actors: Snowki032312
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  616. Alleged sale of compromised email account access across multiple platforms
    Category: Initial Access
    Content: Threat actor offering fresh, valid compromised email accounts and access credentials for multiple platforms including Hotmail, Yahoo, Gmail, eBay, Uber, Walmart, Amazon, Reddit, Marriott, Poshmark, and others. Claims to have access to accounts across multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with inbox access. Seller operates private cloud infrastructure and requests direct messages for specific keyword searches.
    Date: 2026-05-18T02:58:04Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/83950
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Multiple countries
    Victim Industry: Multiple (e-commerce, email, travel, social platforms)
    Victim Organization: Unknown
    Victim Site: Unknown
  617. Sale of Google.com Signed SMTP Mailer for High-Inbox Email Delivery
    Category: Phishing
    Content: A threat actor is selling access to a Gmail-based SMTP mailer that reportedly sends mail directly from a Google.com relay without spoofing, claiming a 99% inbox delivery rate. The offering includes multiple templates and custom input options, with access limited to six buyers. The seller is not offering source code, only operational access.
    Date: 2026-05-18T02:55:35Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Selling-Google-com-Signed-SMTP-Mailer
    Screenshots:
    None
    Threat Actors: Anon
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  618. Alleged data leak of undisclosed Chinese organization by SnowSoul
    Category: Data Leak
    Content: The group SnowSoul has leaked approximately 35GB of database dump files allegedly belonging to an unnamed Chinese organization, including Oracle database files, DBF index files, and DMP dumps. The post criticizes the victim organization and Chinese authorities for ignoring the breach. Files have been made available via multiple external download links.
    Date: 2026-05-18T02:54:36Z
    Network: openweb
    Published URL: https://breached.st/threads/chinese-data-zhong-guo-shu-ju-snowsoul-id-1316-35g-dmp.87293/unread
    Screenshots:
    None
    Threat Actors: 元帅*
    Victim Country: China
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  619. Combo List: Mixed domain email credential list with 1.4 million records
    Category: Combo List
    Content: A mixed-domain email:password combo list containing approximately 1.4 million records was shared on a cracking forum. The post is categorized as fresh leaks, suggesting the credentials are recently harvested or compiled. No specific victim organization or breach source is identified.
    Date: 2026-05-18T02:45:11Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-416-221-%E2%AD%90%EF%B8%8F-Mixed-Domain-Fresh-Leaks
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  620. Custom automation and bot development service offering on cybercrime forum
    Category: Services
    Content: A forum member is advertising custom software development services starting at $50, including parsers, auto-registrators, spammers, checkers, bruteforce tools, and AI-powered bot automation using ZennoPoster, ZennoDroid, BAS, and Private Keeper. The seller claims capability to bypass WAF, CAPTCHA, and other bot protections, and offers full Android and Windows application support. Payment terms include 50% prepayment or forum escrow.
    Date: 2026-05-18T02:32:55Z
    Network: openweb
    Published URL: https://breached.st/threads/software-development-bas-private-keeper-pk-zennoposter-zennodroid-50.87291/unread
    Screenshots:
    None
    Threat Actors: aisus
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  621. Sale of UHQ Hotmail combo list with 2.6 million credentials
    Category: Combo List
    Content: A threat actor is offering a combo list of 2.6 million Hotmail credentials marketed as fresh and high quality. The list is advertised on a cracking forum and sponsored by the poster's own service. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-18T02:21:58Z
    Network: openweb
    Published URL: https://cracked.st/Thread-2-6M-UHQ-HOTMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  622. Combo List: 18 Million UHQ Gmail Credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list claimed to contain 18 million UHQ Gmail credentials marketed as fresh. The post is sponsored by a third-party AIO tool service. Gmail is a credential-stuffing target, not the breach victim.
    Date: 2026-05-18T02:21:41Z
    Network: openweb
    Published URL: https://cracked.st/Thread-18M-UHQ-GMAIL-COMBO-FRESH–2095548
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  623. Combo List: 5.1 million UHQ mixed mail credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 5.1 million mixed mail credentials, marketed as fresh and UHQ (ultra-high quality). The post is sponsored by a credential-stuffing AIO tool service.
    Date: 2026-05-18T02:21:24Z
    Network: openweb
    Published URL: https://cracked.st/Thread-5-1M-UHQ-MIXED-MAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  624. Sale of 900K UHQ Outlook combo list
    Category: Combo List
    Content: A forum user is distributing a combo list advertised as containing 900,000 Outlook credentials marketed as fresh. The post requires a reply to access the hidden download link. The named service (Outlook) is a credential-stuffing target, not the breach victim.
    Date: 2026-05-18T02:20:49Z
    Network: openweb
    Published URL: https://altenens.is/threads/900k-uhq-outlook-combo-fresh.2942214/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  625. Sale of 1.2M UHQ Yahoo combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of 1.2 million credentials marketed as UHQ and fresh, targeting Yahoo accounts. Access to the content requires a reply to the thread.
    Date: 2026-05-18T02:20:23Z
    Network: openweb
    Published URL: https://altenens.is/threads/1-2m-uhq-yahoo-combo-fresh.2942218/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  626. Free USA mixed email combo list (IMAP/SMTP)
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 7 million mixed USA email credentials marketed for IMAP and SMTP access. The list is being shared freely via a Telegram channel. No specific victim organization is identified.
    Date: 2026-05-18T02:16:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75615/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  627. Website Defacement of Filterway by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced a subdirectory or media path on filterway.com, a website associated with filtration or water filter products. The attack was a targeted, single-site defacement with no team affiliation reported. No specific motive or technical details regarding the server environment were disclosed.
    Date: 2026-05-18T02:14:36Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924081
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Manufacturing / Filtration Products
    Victim Organization: Filterway
    Victim Site: filterway.com
  628. China Email:Pass Combo List (31K+)
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 31,000 email and password pairs purportedly sourced from China, marketed as fresh and high quality. The list is available to forum members who reply to the thread or upgrade their account. No specific breached organization is identified.
    Date: 2026-05-18T02:10:20Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Document-%E2%9C%A6%E2%9C%A6-31-K-%E2%9C%A6-China-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-15-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: Max_Leaks
    Victim Country: China
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  629. Website Defacement of WeLoveDeco by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the attacker known as DimasHxR defaced a media/custom directory path on welovedeco.ch, a Swiss home decor website. The incident was a targeted single-site defacement, not classified as a mass or home page defacement. No specific motive or server details were disclosed.
    Date: 2026-05-18T02:08:29Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924072
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Switzerland
    Victim Industry: Retail / Home Decor
    Victim Organization: WeLoveDeco
    Victim Site: welovedeco.ch
  630. Website Defacement of Teolpack by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the Serbian website teolpack.rs was defaced by a threat actor operating under the alias DimasHxR. The attack targeted a subdirectory of the site and was neither a mass nor a home page defacement. No specific motive or team affiliation was identified for this incident.
    Date: 2026-05-18T02:07:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924060
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Serbia
    Victim Industry: Manufacturing / Packaging
    Victim Organization: Teolpack
    Victim Site: teolpack.rs
  631. Website Defacement of Shining Petals by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the website shiningpetals.com was defaced by the threat actor DimasHxR acting independently without a team affiliation. The attack targeted a subdirectory of the site rather than the homepage, suggesting a targeted intrusion into a specific media or custom content path. No motive or proof-of-concept details were disclosed alongside the incident record.
    Date: 2026-05-18T02:07:01Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924051
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail / Floral Services
    Victim Organization: Shining Petals
    Victim Site: shiningpetals.com
  632. Website Defacement of Xeghepthaibinh24h by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the attacker DimasHxR defaced a media directory page on xeghepthaibinh24h.com, a Vietnamese ride-sharing or carpooling service website. The incident was a targeted single-page defacement, not associated with a group or mass defacement campaign. Server and infrastructure details were not disclosed in the available data.
    Date: 2026-05-18T02:06:13Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924074
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Vietnam
    Victim Industry: Transportation / Ride-Sharing
    Victim Organization: Xe Ghep Thai Binh 24h
    Victim Site: xeghepthaibinh24h.com
  633. Website Defacement of US BioLab by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, threat actor DimasHxR defaced a media/customer directory page on usbiolab.com, a US-based biotechnology or laboratory services organization. The incident was a targeted single-site defacement, not part of a mass defacement campaign. No team affiliation, stated motive, or server details were disclosed.
    Date: 2026-05-18T02:05:29Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924068
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: United States
    Victim Industry: Biotechnology / Life Sciences
    Victim Organization: US BioLab
    Victim Site: usbiolab.com
  634. Website Defacement of Zdrowy.shop by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, threat actor DimasHxR defaced a subdirectory of zdrowy.shop, a Polish e-commerce website likely operating in the health and wellness retail sector. The attack targeted a customer media directory within a Magento-based web infrastructure, as indicated by the pub/media/customer path. The incident was a targeted, non-mass defacement with no associated team affiliation reported.
    Date: 2026-05-18T02:04:40Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924077
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Poland
    Victim Industry: E-Commerce / Health & Wellness Retail
    Victim Organization: Zdrowy Shop
    Victim Site: zdrowy.shop
  635. Website Defacement of Utsav by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the attacker known as DimasHxR defaced a media/customer address page hosted on utsav.ws, a website associated with Utsav Fashion, an Indian e-commerce retailer. The defacement targeted a specific subdirectory rather than the homepage and was carried out as a single, targeted incident. No team affiliation was identified for the attacker.
    Date: 2026-05-18T02:03:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924069
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: India
    Victim Industry: E-Commerce / Retail
    Victim Organization: Utsav Fashion
    Victim Site: utsav.ws
  636. Website Defacement of Tripada Yoga Shop by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the attacker known as DimasHxR defaced the website of Tripada Yoga Shop, a yoga and wellness retail platform. The defacement targeted a subdirectory of the site rather than the homepage and was carried out as a solo, non-mass incident. No specific motive or technical details regarding the server environment were disclosed.
    Date: 2026-05-18T02:02:56Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924065
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail / E-Commerce (Health & Wellness)
    Victim Organization: Tripada Yoga Shop
    Victim Site: tripada-yoga-shop.com
  637. Website Defacement of Urban Caves by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced a page on urbancaves.ro, a Romanian hospitality or tourism-related website. The defacement targeted a specific media directory path rather than the homepage and was carried out as a solo, non-mass operation. No specific motive or team affiliation was disclosed by the attacker.
    Date: 2026-05-18T02:02:07Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924067
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Romania
    Victim Industry: Hospitality / Tourism
    Victim Organization: Urban Caves
    Victim Site: urbancaves.ro
  638. Website Defacement of Wentzstore by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the threat actor DimasHxR defaced a page on wentzstore.com, targeting a file within the store's media/customer directory. The defacement was an individual, non-mass, and non-redefacement incident with no stated political or ideological motive. Technical details such as server OS, IP, and software were not disclosed.
    Date: 2026-05-18T02:01:21Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924073
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: E-commerce / Retail
    Victim Organization: Wentz Store
    Victim Site: wentzstore.com
  639. Website Defacement of teol-rs.website by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor operating under the alias DimasHxR defaced a subdirectory of teol-rs.website, targeting a media/customer-related web path. The attacker acted independently without affiliation to a known group. No specific motive, server details, or proof of concept were disclosed in connection with this incident.
    Date: 2026-05-18T02:00:33Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924058
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: teol-rs.website
  640. Website Defacement of Slurry Monster by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the website slurrymonster.com was defaced by threat actor DimasHxR acting independently without an affiliated group. The defacement targeted a subdirectory of the site's public media folder, suggesting exploitation of a content management system vulnerability. The incident was recorded as a single, non-mass, non-redefacement attack with limited technical metadata available.
    Date: 2026-05-18T01:59:43Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924054
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: E-commerce / Retail
    Victim Organization: Slurry Monster
    Victim Site: slurrymonster.com
  641. Website Defacement of Starmoto by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced a page on starmoto.se, a Swedish automotive or motorsports-related website. The attack targeted a subdirectory path associated with customer media content. The defacement was an isolated, non-mass incident with no team affiliation reported.
    Date: 2026-05-18T01:58:54Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924055
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Sweden
    Victim Industry: Automotive / Motorsports
    Victim Organization: Starmoto
    Victim Site: starmoto.se
  642. Website Defacement of The Big Bed Company by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the attacker known as DimasHxR defaced a media directory path on thebigbedcompany.com, a furniture retail website. The defacement targeted a subdirectory within the site's pub/media path, commonly associated with e-commerce platforms such as Magento. No team affiliation, stated motive, or additional technical indicators were disclosed in connection with this incident.
    Date: 2026-05-18T01:58:03Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924061
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: United Kingdom
    Victim Industry: Retail – Furniture/Home Goods
    Victim Organization: The Big Bed Company
    Victim Site: thebigbedcompany.com
  643. Website Defacement of TogoGreen by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced a media/customer directory on the website togogreen.eco, an environmental or green initiative platform. The attack was an isolated, targeted defacement rather than a mass or home page compromise. No team affiliation, motive, or server details were disclosed in connection with this incident.
    Date: 2026-05-18T01:57:12Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924064
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Environmental / Sustainability
    Victim Organization: TogoGreen
    Victim Site: togogreen.eco
  644. Website Defacement of Samdoit by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the website samdoit.com was defaced by the threat actor DimasHxR operating without a team affiliation. The attack targeted a specific media/customer directory path rather than the homepage, indicating a targeted sub-page defacement. No motive or technical details regarding the server environment were disclosed.
    Date: 2026-05-18T01:56:22Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924050
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Samdoit
    Victim Site: samdoit.com
  645. Website Defacement of RubberEva Shop by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced the website rubberevashop.com, an e-commerce platform likely selling rubber or EVA-based products. The defacement targeted a specific media directory path and was a single, non-mass incident. No team affiliation, stated motive, or server details were disclosed.
    Date: 2026-05-18T01:55:39Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924049
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail / E-Commerce
    Victim Organization: RubberEva Shop
    Victim Site: rubberevashop.com
  646. Website Defacement of UPS Buyer by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced a subpage of upsbuyer.com, targeting a media or customer advertisement directory. The attack was an individual defacement, not part of a mass or coordinated campaign, and the attacker operated without affiliation to a known group. Technical details regarding the server environment and motive remain unknown.
    Date: 2026-05-18T01:54:52Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924066
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: E-Commerce / Retail
    Victim Organization: UPS Buyer
    Victim Site: upsbuyer.com
  647. Sale of BLACKOUT enterprise phishing panel and service engine
    Category: Phishing
    Content: A threat actor is offering for sale a phishing panel called BLACKOUT, described as an enterprise-grade platform for building, deploying, and managing custom phishing portals. The panel includes features such as live session monitoring, WebSocket relay with E2EE, TOTP 2FA capture, role-based access control, a capture engine, and an automation playbook builder. The seller is accepting cryptocurrency payments and directing prospective buyers to contact via Telegram.
    Date: 2026-05-18T01:54:40Z
    Network: openweb
    Published URL: https://hackforums.net/showthread.php?tid=6325605
    Screenshots:
    None
    Threat Actors: .Magic
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  648. Website Defacement of The Wholesale Gift Shop by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, a threat actor identified as DimasHxR defaced a media directory page on thewholesalegiftshop.com, a wholesale retail website. The incident was a targeted single-page defacement, not a mass or home page defacement. No specific motive, server details, or team affiliation were disclosed in connection with this attack.
    Date: 2026-05-18T01:54:04Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924062
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail / E-commerce
    Victim Organization: The Wholesale Gift Shop
    Victim Site: thewholesalegiftshop.com
  649. Website Defacement of Rojely by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, threat actor DimasHxR defaced a subdirectory of rojely.com, targeting the site's customer media upload path (/pub/media/customer/), which is indicative of a Magento-based e-commerce platform. The defacement was a targeted, non-mass incident with no stated motive or team affiliation. The incident was archived and mirrored via zone-xsec.com.
    Date: 2026-05-18T01:53:22Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924048
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: E-commerce / Retail
    Victim Organization: Rojely
    Victim Site: rojely.com
  650. Website Defacement of Violetta Cosmeticos by DimasHxR
    Category: Defacement
    Content: On May 18, 2026, the attacker known as DimasHxR defaced a subdirectory of violettacosmeticos.com.ar, an Argentine cosmetics retailer. The incident was a targeted, non-mass defacement affecting a specific page rather than the site homepage. No team affiliation, stated motive, or technical details regarding the server infrastructure were disclosed.
    Date: 2026-05-18T01:52:29Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/924070
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Argentina
    Victim Industry: Retail / Beauty & Cosmetics
    Victim Organization: Violetta Cosmeticos
    Victim Site: violettacosmeticos.com.ar
  651. Sale or distribution of 740GB URL:Login:Password logs and stealer data
    Category: Logs
    Content: A threat actor is distributing a 740GB collection of URL:Login:Password (ULP) credential logs and stealer log data via a Telegram channel. The post provides no further details on the origin, targeted services, or specific record count.
    Date: 2026-05-18T01:45:49Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-URL-LOGIN-PASS-740GB-ULP-Logs
    Screenshots:
    None
    Threat Actors: pente556
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  652. Brazil email:password combo list of 723K credentials
    Category: Combo List
    Content: A threat actor on a dark web forum is distributing a combo list of approximately 723,000 email:password pairs purportedly associated with Brazilian accounts. The credentials are marketed as fresh and high quality. Access to the list requires a reply or account upgrade on the forum.
    Date: 2026-05-18T01:44:15Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Document-%E2%9C%AA-723-K-Combo-%E2%9C%AA-Brazil-%E2%9C%AA-14-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  653. Alleged data breach of China's National Supercomputing Center (NSCC) with classified military and aerospace research
    Category: Data Leak
    Content: A threat actor claims to have exfiltrated over 10 petabytes of data from China's National Supercomputing Center in Tianjin and linked high-performance computing clusters associated with AVIC, COMAC, and Chinese space programs. The alleged dataset purportedly includes classified military-aerospace research, stealth and supersonic technology simulations, satellite telemetry, and bunker-buster modeling data. The actor claims proof files including directory listings and technical diagrams are circul
    Date: 2026-05-18T01:41:28Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-CHINA-NSCC-SUPERCOMPUTING-BREACH-%E2%80%93-10-PETABYTES-OF-CLASSIFIED-MILITARY-LEAK–189410
    Screenshots:
    None
    Threat Actors: tolerantcyber2
    Victim Country: China
    Victim Industry: Government
    Victim Organization: National Supercomputing Center (NSCC)
    Victim Site: Unknown
  654. Sale of stealer logs with URL:LOG:PASS credentials targeting vulta.pw
    Category: Logs
    Content: A threat actor is distributing a URL:LOG:PASS credential dataset containing approximately 7.44 million records, marketed as fresh stealer log output. The content is hidden behind a registration or login gate on the forum. The post references vulta.pw as an associated web service.
    Date: 2026-05-18T01:20:11Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1URL-LOG-PASS-7-44M-%E2%AD%90%EF%B8%8FVULTA-PW%E2%AD%90%EF%B8%8F-FRESH-%E2%9A%A1
    Screenshots:
    None
    Threat Actors: vultapower
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: vulta.pw
  655. Combo List targeting Hotmail accounts for gaming and shopping services
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 1.5 million email:password lines targeting Hotmail accounts, marketed for use against gaming and shopping services. The credentials are intended for credential-stuffing attacks against these platforms.
    Date: 2026-05-18T01:17:57Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-526-693-Lines-%E2%9C%85-Gaming-and-Shopping-Target-Hotmail
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  656. Combo list of 15,000 Asia mail:password credentials shared for free
    Category: Combo List
    Content: A threat actor shared a combo list of over 15,000 email:password pairs claimed to originate from Asian mail services, marketed as ultra high quality. The credentials were made available for free on a public forum.
    Date: 2026-05-18T01:17:33Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-15-000-ASIA-MAIL-PASSWORD-DATA-ULTRA-HIGH-QUALITY
    Screenshots:
    None
    Threat Actors: ImLupin
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  657. Alleged sale of RDP access to cloud infrastructure and compromised credentials
    Category: Initial Access
    Content: A threat actor is offering rental access to RDP servers on Azure, AWS, and DigitalOcean infrastructure at $200, along with compromised domain email accounts, Gmail/Yahoo accounts, GitHub Student accounts, and stolen subscription credentials (ChatGPT Plus, Claude 20x, ElevenLabs Creator Plan). The services are offered with escrow protection. The listing indicates an initial access broker or credential trafficking operation.
    Date: 2026-05-18T01:17:20Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/83896
    Screenshots:
    None
    Threat Actors: Squad Chat Marketplace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  658. Free distribution of mixed valid mail access credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 20,600 mixed valid mail access credentials, marketed as private and high quality. The list is dated May 18, 2026 and shared freely via a Telegram contact.
    Date: 2026-05-18T01:14:58Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-20-6K-%E2%9C%A8-Mix-%E2%9C%A8-Valid-Mail-Access-18-05
    Screenshots:
    None
    Threat Actors: tutuba4m
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  659. Hotmail combo list with 2,000 alleged valid credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 2,000 alleged valid Hotmail credentials, marketed as private and high quality. The content is gated behind forum registration or login.
    Date: 2026-05-18T01:04:52Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-2-0K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-18-05
    Screenshots:
    None
    Threat Actors: RedCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  660. Free distribution of stealer logs (1.5GB)
    Category: Logs
    Content: A forum user is freely distributing 1.5GB of stealer logs. The post is a bump with no additional details about the origin, scope, or specific victims of the logs.
    Date: 2026-05-18T00:55:30Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-1-5GB-%E2%AD%90%EF%B8%8F-STEALER-LOGS-FULL-LOGS-%E2%AD%90%EF%B8%8F–2095527
    Screenshots:
    None
    Threat Actors: DevelMakss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  661. Free distribution of 1.6GB stealer log dump
    Category: Logs
    Content: A forum user is freely distributing a 1.6GB archive of stealer logs. No specific victim organization or country is identified. The post solicits likes and reputation points in exchange for the content.
    Date: 2026-05-18T00:55:10Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-1-6GB-FULL-LOGS–2095534
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  662. Free release of 122 million URL:Login:Password combo list
    Category: Combo List
    Content: A threat actor known as DevelMakss has freely shared a combo list containing 122 million URL:login:password credential pairs on a cracking forum. The post markets the list as high quality. No specific victim organization or breach source is identified.
    Date: 2026-05-18T00:54:49Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-122M-%E2%9A%A1-URL-LOGIN-PASS-HQ-%E2%9A%A1
    Screenshots:
    None
    Threat Actors: DevelMakss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  663. Free release of 5GB URL:Login:Password combo list from stealer logs
    Category: Logs
    Content: A threat actor on Cracked.st has freely shared a 5GB dataset of URL:login:password lines claimed to be extracted from stealer logs. The data is distributed at no cost in exchange for likes and reputation points. No specific victim organization or targeted service is identified.
    Date: 2026-05-18T00:54:31Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-5GB-URL-LOGIN-PASS-lines-From-LOGS–2095533
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  664. Free Hotmail combo list with 14K credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 14,000 Hotmail credentials on a cracking forum. The list is marketed as containing valid mail access. This is a credential stuffing resource, not a breach of Hotmail or Microsoft.
    Date: 2026-05-18T00:54:00Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-14K-%E2%9C%A8-HOTMAIL-MIX-VALID-MAIL-ACCESS-%E2%9C%A8–2095526
    Screenshots:
    None
    Threat Actors: DevelMakss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  665. Combo List: 9,000 Hotmail Credentials
    Category: Combo List
    Content: A forum user is sharing a combo list containing approximately 9,000 Hotmail email and password combinations. The post claims mail access, suggesting the credentials have been verified. The content is being distributed freely on a public cracking forum.
    Date: 2026-05-18T00:53:39Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-9k-Hotmail-lines-Mail-Access–2095532
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  666. Combo List: Mixed USA Email:Password Credentials (10,000+)
    Category: Combo List
    Content: A threat actor shared a combo list containing over 10,000 mixed USA email:password credential pairs, marketed as ultra high quality. The data was distributed freely on a cracking forum. No specific victim organization or breach source was identified.
    Date: 2026-05-18T00:53:18Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-10-000-MIX-USA-MAIL-PASSWORD-DATA-ULTRA-HIGH-QUALITY
    Screenshots:
    None
    Threat Actors: ImLupin
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  667. Combo list of 190K mixed email credentials with mail access
    Category: Combo List
    Content: A threat actor on a cracking forum is freely sharing a combo list of approximately 190,000 mixed email:password lines marketed as valid for mail access. The post offers the credentials at no charge, soliciting likes and reputation in return.
    Date: 2026-05-18T00:52:59Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-190k-Mix-lines-Mail-Access
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  668. Alleged website defacement by C10F/X404 Indonesian defacer team
    Category: Defacement
    Content: C10F/X404, identifying as part of an Indonesian defacer team, claimed responsibility for defacing a Hostinger-hosted website (midnightblue-dinosaur-506932-hostingersite-com-208824.hostingersite.com). Multiple pages were defaced, including the root directory and subdirectories under the /C10F/ path, with defacement pages created at various HTTP error code paths (401-405) and custom pages.
    Date: 2026-05-18T00:31:17Z
    Network: telegram
    Published URL: https://t.me/c/3755871403/516
    Screenshots:
    None
    Threat Actors: C10F
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: midnightblue-dinosaur-506932-hostingersite-com-208824
    Victim Site: midnightblue-dinosaur-506932-hostingersite-com-208824.hostingersite.com
  669. Alleged leak of passport scans from over 20 countries
    Category: Data Leak
    Content: A threat actor has freely distributed a collection of passport scans covering individuals from more than 20 countries, including the USA, Australia, China, Israel, and others. The files were made available via a Mega.nz download link. No specific source organization or record count was disclosed.
    Date: 2026-05-18T00:26:28Z
    Network: openweb
    Published URL: https://breached.st/threads/passport-scans-more-than-20-countries.87288/unread
    Screenshots:
    None
    Threat Actors: raylie
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  670. Leak of French identity document packs for KYC bypass
    Category: Carding
    Content: A threat actor has made available a collection of French identity document packs including national IDs, passports, pay slips, tax notices, utility bills, proof of address, and employment contracts, explicitly marketed for online KYC verification bypass. The documents are shared via a MediaFire download link and reportedly do not include bank identity statements (RIB).
    Date: 2026-05-18T00:25:58Z
    Network: openweb
    Published URL: https://breached.st/threads/fr-french-france-docs-packs-ids.87289/unread
    Screenshots:
    None
    Threat Actors: raylie
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  671. Alleged data leak of Pôle Emploi Nord database
    Category: Data Leak
    Content: A threat actor shared a link to what is claimed to be a database from Pôle Emploi Nord, the French public employment agency, scraped around June 2021. The post references a news article about a prior data breach at Pôle Emploi and provides a file download link. No record count or specific data fields were disclosed in the post.
    Date: 2026-05-18T00:04:44Z
    Network: openweb
    Published URL: https://breached.st/threads/database-pole-emploi-nord.87287/unread
    Screenshots:
    None
    Threat Actors: raylie
    Victim Country: France
    Victim Industry: Government
    Victim Organization: Pôle Emploi Nord
    Victim Site: pole-emploi.fr