Detected Incidents Draft Data
- Sale of private email access combo list with 45,807 credentials
Category: Combo List
Content: A combo list of 45,807 email credentials described as private full-access mail combos was shared on a cracking forum. The post appears to contain email:password pairs intended for credential stuffing or account takeover. No specific breached organization is identified.
Date: 2026-05-19T23:57:46Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-45-807-Private-FA-Mail-Access-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of worldwide Hotmail/Gmail combo list
Category: Combo List
Content: A threat actor known as Lulpab is freely distributing a combo list of Hotmail and Gmail credential lines marketed as fresh and high-quality. The post advertises daily releases of worldwide email credentials and directs users to a Telegram channel for additional content.
Date: 2026-05-19T23:57:21Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%A8-FRESH-WORLDWIDE-HQ-HOTMAIL-LINES-20-05-26-01-%E2%9C%A8
Screenshots:
None
Threat Actors: Lulpab
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Redefacement of lahudky.online by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The website lahudky.online was redefaced by threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, on May 20, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised and defaced by the same or another actor. The attack targeted a subdirectory of the site, suggesting exploitation of a specific web application component or uploaded media path.
Date: 2026-05-19T23:55:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925124
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Food and Beverage
Victim Organization: Lahudky
Victim Site: www.lahudky.online - Sale of Cracked BlackBullet 2.1.6 Credential Stuffing Tool
Category: Combo List
Content: A cracked version of BlackBullet 2.1.6, a modular credential-stuffing and automation suite, is being distributed on a cracking forum. The tool supports custom configs, proxy handling, multi-threaded processing, and real-time stats for large-scale credential-stuffing operations. A VirusTotal link is provided alongside a disclaimer noting antivirus detections.
Date: 2026-05-19T23:53:48Z
Network: openweb
Published URL: https://demonforums.net/Thread-BlackBullet-2-1-6-Cracked
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Forum chatter: user concern over USPS inquiry following delayed mail package
Category: Chatter
Content: A darknet forum user posted seeking advice after contacting USPS about a delayed package reportedly containing counterfeit pills. The post contains no threat intelligence value and does not describe a cyber attack, breach, or criminal service offering. Content is personal in nature and relates to physical contraband, not digital threats.
Date: 2026-05-19T23:52:26Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/4cf23e065a14e7099662
Screenshots:
None
Threat Actors: yayoboggins 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged mass website defacements by HELLR00TERS TEAM
Category: Defacement
Content: HELLR00TERS TEAM claims to have hacked and defaced multiple WordPress-based websites across various countries. The threat actor posted links to compromised sites hosted on multiple domains, primarily printing and design-related businesses. The defacement appears to involve uploading files to WordPress upload directories on compromised sites.
Date: 2026-05-19T23:52:15Z
Network: telegram
Published URL: https://t.me/c/3865526389/982
Screenshots:
None
Threat Actors: HELLR00TERS TEAM
Victim Country: Unknown
Victim Industry: Printing, Design, E-commerce
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of cyos.co.in by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: On May 20, 2026, the website cyos.co.in was defaced by threat actor azraelzer0d4y, operating under the team b1ohaz4rd. The defacement targeted a subdirectory path related to customer address media files and was neither a mass nor home page defacement. The incident was archived via zone-xsec mirror for reference.
Date: 2026-05-19T23:49:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925123
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: India
Victim Industry: Unknown
Victim Organization: CYOS
Victim Site: cyos.co.in - Mass Defacement of Indonesian School Website by Irene (XmrAnonye.id)
Category: Defacement
Content: The website of SMAN 3 Purwakarta, an Indonesian public high school, was defaced by a threat actor identified as Irene operating under the team XmrAnonye.id. This incident is classified as both a mass defacement and a redefacement, indicating the attacker has previously compromised this or related targets. The defacement was hosted on a Linux-based server and archived via haxor.id.
Date: 2026-05-19T23:46:20Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249401
Screenshots:
None
Threat Actors: Irene, XmrAnonye.id
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMAN 3 Purwakarta
Victim Site: smagalapak.sman3pwt.sch.id - Website Defacement of Hot Tub Rescue by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 20, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a media/custom directory page on hottubrescue.co.uk, a UK-based hot tub service and retail website. The incident was a targeted single-page defacement, not classified as a mass or home page defacement. No specific motive or server details were disclosed.
Date: 2026-05-19T23:40:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925122
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: United Kingdom
Victim Industry: Retail / Home & Leisure Services
Victim Organization: Hot Tub Rescue
Victim Site: hottubrescue.co.uk - Website Defacement of Instant Promotion by DimasHxR
Category: Defacement
Content: On May 20, 2026, a threat actor identified as DimasHxR defaced a subdirectory of instantpromotion.co.uk, a UK-based marketing and promotions website. The attack was a targeted single-site defacement with no team affiliation reported. Technical details regarding the server environment and attack vector were not disclosed.
Date: 2026-05-19T23:34:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925119
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Marketing and Advertising
Victim Organization: Instant Promotion
Victim Site: instantpromotion.co.uk - Website Defacement of MiMarket.mx by DimasHxR
Category: Defacement
Content: On May 20, 2026, the threat actor DimasHxR defaced a media/customer directory page on mimarket.mx, a Mexican e-commerce or retail platform. The attack was a targeted, non-mass defacement affecting a specific subdirectory rather than the homepage. No team affiliation, stated motive, or technical server details were disclosed in association with this incident.
Date: 2026-05-19T23:32:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925121
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Mexico
Victim Industry: E-Commerce / Retail
Victim Organization: MiMarket
Victim Site: mimarket.mx - Website Defacement of Farmacia.pro by DimasHxR
Category: Defacement
Content: On May 20, 2026, a threat actor known as DimasHxR defaced a subdirectory of farmacia.pro, a website associated with pharmacy or pharmaceutical services. The defacement targeted a specific media/customer path rather than the homepage, suggesting a targeted or opportunistic attack on a vulnerable web resource. No team affiliation, stated motive, or technical details regarding the server environment were disclosed.
Date: 2026-05-19T23:30:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925118
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Healthcare / Pharmacy
Victim Organization: Farmacia
Victim Site: farmacia.pro - Sale of European mixed combo list with 30,432 credentials
Category: Combo List
Content: A combo list containing 30,432 email and password pairs described as a private full access European mix has been shared on a cracking forum. The post appears to offer credentials for use in credential stuffing activities. No specific victim organization or breach source is identified.
Date: 2026-05-19T23:29:23Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-30-432-Private-FA-Europa-Mix-Combo
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of email:password combo list (mixed USA and Worldwide)
Category: Combo List
Content: A threat actor is selling a combo list of 663,000 email:password credentials described as mixed USA and worldwide. The listing is priced cheaply with no refund or replacement policy, but testing is available. No specific breach source or victim organization is identified.
Date: 2026-05-19T23:28:55Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-WTS-GOOD-COMBOS-EMAIL-PASS–2096581
Screenshots:
None
Threat Actors: Reoza
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 190K Fresh HQ Email:Password Combo List
Category: Combo List
Content: A threat actor is distributing and selling a combo list of approximately 190,000 email:password credential pairs marketed as fresh and high quality. The credentials are advertised as suitable for credential stuffing against services including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The actor promotes sales via Telegram and a cracking-focused website.
Date: 2026-05-19T23:25:13Z
Network: openweb
Published URL: https://demonforums.net/Thread-190k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–204812
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Siola.it by DimasHxR
Category: Defacement
Content: On May 20, 2026, a threat actor identified as DimasHxR defaced a page on the Italian website siola.it, specifically targeting a path within the media/customer address directory. The attacker operated without an affiliated team and the defacement was limited to a single non-homepage URL. No specific motive or server details were disclosed.
Date: 2026-05-19T23:24:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925116
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Siola
Victim Site: siola.it - Website Defacement of FloorSave by Threat Actor DimasHxR
Category: Defacement
Content: On May 20, 2026, threat actor DimasHxR defaced a media/customer directory page on floorsave.co.uk, a UK-based flooring retail website. The incident was a targeted, non-mass defacement affecting a subdirectory rather than the homepage. No team affiliation or stated motivation was identified for this attack.
Date: 2026-05-19T23:21:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925115
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail / Home Improvement
Victim Organization: FloorSave
Victim Site: floorsave.co.uk - Website Defacement of Stephans.de by DimasHxR
Category: Defacement
Content: On May 20, 2026, the website stephans.de was defaced by a threat actor operating under the alias DimasHxR. The attacker targeted a specific media/customer directory path on the site. The incident was a single, targeted defacement with no team affiliation reported and no declared motive.
Date: 2026-05-19T23:15:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925112
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Stephans
Victim Site: stephans.de - Alleged Illegal Hacking Services Advertisement
Category: Cyber Attack
Content: User advertising various illegal hacking and account compromise services including Telegram, mobile phones, websites, iCloud, email, social media platforms (Snapchat, Reddit, LinkedIn), and IP cameras. Also offers stolen funds recovery services. Contact provided via Telegram handle @sureciphern__.
Date: 2026-05-19T23:13:46Z
Network: telegram
Published URL: https://t.me/c/2613583520/85237
Screenshots:
None
Threat Actors: CIPHERN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Torsbo Handels by DimasHxR
Category: Defacement
Content: On May 20, 2026, a threat actor operating under the alias DimasHxR defaced a page on torsbohandels.com, a Swedish retail or trading company website. The attacker targeted a non-homepage URL within the sites media directory, indicating a targeted single-page defacement rather than a mass or home page compromise. No team affiliation, stated motive, or server details were disclosed in connection with this incident.
Date: 2026-05-19T23:12:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925113
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Sweden
Victim Industry: Retail / E-Commerce
Victim Organization: Torsbo Handels
Victim Site: torsbohandels.com - Alleged data leak of Karawang Regency Population and Civil Registration Office (Dukcapil) database
Category: Data Leak
Content: A threat actor operating under the alias Mr. Hanz Xploit claims to be distributing a database belonging to the Karawang Regency Population and Civil Registration Office (Dukcapil) free of charge. The database reportedly contains civil registration and population records. A sample was included in the post.
Date: 2026-05-19T23:10:24Z
Network: openweb
Published URL: https://breached.st/threads/database-dukcapil-kabupaten-karawang.87404/unread
Screenshots:
None
Threat Actors: Mr. Hanz Xploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Dinas Kependudukan dan Pencatatan Sipil Kabupaten Karawang
Victim Site: Unknown - Alleged data breach of official government site of Georgia
Category: Data Breach
Content: A threat actor operating under the name 404Crew Cyber Team posted a thread on a breach forum referencing an official government site of Georgia. No post content was available to confirm specific details regarding the nature or extent of the alleged breach.
Date: 2026-05-19T23:09:39Z
Network: openweb
Published URL: https://breached.st/threads/official-government-site-of-georgia.87405/unread
Screenshots:
None
Threat Actors: 404Crew Cyber Team
Victim Country: Georgia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Alleged breach of Dukcapil database – Karawang Regency, Indonesia
Category: Data Breach
Content: A threat actor operating under the handle mr-hanz-xploit has posted on Breachforums regarding a breach of the Dukcapil (Direktorat Jenderal Kependudukan dan Pencatatan Sipil) database for Karawang Regency. Dukcapil is Indonesias civil registry system containing sensitive population data. The breach details are being shared on the Breachforums platform.
Date: 2026-05-19T23:08:57Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/211
Screenshots:
None
Threat Actors: mr-hanz-xploit
Victim Country: Indonesia
Victim Industry: Government – Civil Registry
Victim Organization: Dukcapil Karawang Regency
Victim Site: Unknown - Combo List: 8.4K Private Mix Credentials Shared on Forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 8,400 credentials on a forum. The content is hidden behind a registration/login wall. The poster also advertises private cloud services via direct message.
Date: 2026-05-19T23:03:46Z
Network: openweb
Published URL: https://patched.to/Thread-8-4k-private-mix-by-blackcloversuppprt
Screenshots:
None
Threat Actors: Dataseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 22K Mixed Mail Access HQ Combo List
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 22,000 mixed mail access credentials marketed as high quality. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-19T23:03:30Z
Network: openweb
Published URL: https://patched.to/Thread-22k-mixed-mail-access-hq-combolist
Screenshots:
None
Threat Actors: Vonmoon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of ANDE (Paraguay National Electricity Administration) – 1.65M records
Category: Data Breach
Content: Threat actor claiming to have breached ande.gov.py (Paraguays national electricity utility) and offering 1,650,000 records for sale at $2,000 (negotiable). Exposed data includes NIS numbers, account holder names, ID numbers, occupations, emails, phone numbers, addresses, neighborhoods, cities, and monthly electricity consumption data (kWh). Contact via Telegram @shinycorpsh with supporter @node6240.
Date: 2026-05-19T23:01:13Z
Network: telegram
Published URL: https://t.me/c/3500620464/8237
Screenshots:
None
Threat Actors: shinycorpsh
Victim Country: Paraguay
Victim Industry: Energy/Utilities
Victim Organization: ANDE (Administración Nacional de Electricidad)
Victim Site: ande.gov.py - Alleged sale of email credentials, cookies, and combolist access
Category: Combo List
Content: Threat actor advertising sale of stolen credentials including email:password combinations, Gmail cookies, LinkedIn cookies and passwords. Additional post offers mail access and combo lists/configs/scripts/tools across multiple countries (FR, BE, AU, CA, UK, US, NL, PL, DE, JP) with contact via Telegram for purchase requests.
Date: 2026-05-19T22:54:30Z
Network: telegram
Published URL: https://t.me/c/2613583520/85219
Screenshots:
None
Threat Actors: Dataxlogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Bank of India customer records
Category: Data Leak
Content: A threat actor is distributing a database allegedly belonging to Bank of India for free. The post claims the dataset contains customer data affecting approximately 7 million individuals. A sample is included in the post.
Date: 2026-05-19T22:54:19Z
Network: openweb
Published URL: https://breached.st/threads/7-million-indian-bank-customer-data-exposed.87403/unread
Screenshots:
None
Threat Actors: Mr. Hanz Xploit
Victim Country: India
Victim Industry: Finance
Victim Organization: Bank of India
Victim Site: bankofindia.co.in - Alleged exposure of 7 million Indian bank customer records
Category: Data Breach
Content: A Breachforums thread discusses the exposure of 7 million Indian bank customer data. The thread is attributed to user mr-hanz-xploit on Breachforums. Details indicate a significant breach affecting Indian banking sector customers.
Date: 2026-05-19T22:53:43Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/210
Screenshots:
None
Threat Actors: mr-hanz-xploit
Victim Country: India
Victim Industry: Financial Services/Banking
Victim Organization: Indian banking sector
Victim Site: Unknown - Sale of Canadian email/password combo list with 104K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 104,000 email and password pairs purportedly associated with Canadian users. The list is hosted on Anonfilesnew and shared on BreachForums.
Date: 2026-05-19T22:45:55Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Canada-104K-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Money mule service offered for e-commerce fraud operations
Category: Chatter
Content: A forum user is advertising money mule services on a French-language darknet forum, offering to move funds via a Wise business account registered under an LLC in exchange for a percentage cut. The service is explicitly marketed toward non-shipping scammers and other e-commerce fraud actors operating on platforms such as Shopify.
Date: 2026-05-19T22:44:38Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/21edc0941a7c29f244ae
Screenshots:
None
Threat Actors: mamalenn666 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of USA Facebook email and password combo list
Category: Combo List
Content: A threat actor is distributing a combo list of USA-based Facebook email and password credentials via an anonymous file-sharing service. The post does not indicate record count or pricing. These credentials are likely sourced from prior breaches and formatted for credential stuffing.
Date: 2026-05-19T22:44:21Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-USA-Facebook-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of stolen Claude API keys with token credits
Category: Data Leak
Content: A threat actor is freely distributing what are claimed to be stolen Claude API keys with approximately 2 million tokens of credits, including access to Claude Opus 4.7 and other models. The keys were shared on a cracking forum with a requirement for likes and reputation boosts in exchange for access.
Date: 2026-05-19T22:43:53Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90-2-MILLION-TOKENS-CLAUDE-OPUS-4-7-AND-MORE-API-KEY-%E2%AD%90–2096564
Screenshots:
None
Threat Actors: JVZU
Victim Country: United States
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com - Alleged sale of Hotmail combolists and stealer logs across multiple countries
Category: Combo List
Content: Threat actor Wěilóng is advertising the sale of private cloud Hotmail UHQ (ultra high quality) combolists and credential lists from multiple countries (DE, FR, IT, BR, UK, US, JP, PL, RU, ES, NL, MX, CA, SG). Also offering Gmail cookies, LinkedIn cookies with passwords, and other platform credentials. Seller claims ability to verify keywords and targets serious buyers only.
Date: 2026-05-19T22:43:47Z
Network: telegram
Published URL: https://t.me/c/2613583520/85218
Screenshots:
None
Threat Actors: Wěilóng
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: hotmail.com, gmail.com, linkedin.com - Combo List: Private Full Access Europa Mix (20,118 credentials)
Category: Combo List
Content: A combo list containing 20,118 full access (FA) email:password credentials targeting European accounts has been shared on a cracking forum. The list is described as private and formatted as a mixed Europa combo. No specific victim organization or service is identified.
Date: 2026-05-19T22:43:23Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-20-118-Private-FA-Europa-Mix-Combo
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Germany domain combo list with 988,693 lines
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 988,693 email:password lines targeting German (.de) domain accounts. The list is marketed as sourced from good leaks and is likely intended for credential stuffing.
Date: 2026-05-19T22:43:05Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-988-693-Lines-%E2%9C%85-Good-Leaks-De-Germany-Domain-Combolist
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of private email:password combo list by BatmanMail
Category: Combo List
Content: A threat actor operating as BatmanMail is distributing a private mix combo list claimed to contain unique and valid email:password credentials. The post promotes the actors Telegram channel as a source for private, non-public credential lists. No specific victim organization or record count is mentioned.
Date: 2026-05-19T22:42:47Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Private-Mix-BatmanMail-5
Screenshots:
None
Threat Actors: BatmanMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of infostealer logs and mail access credentials
Category: Logs
Content: Threat actor operating under handle @Dataxlogs is offering mail access and infostealer logs for sale, including credentials, configs, scripts, tools, and combo lists from multiple countries (France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, Japan). Seller is actively soliciting customers via Telegram.
Date: 2026-05-19T22:32:33Z
Network: telegram
Published URL: https://t.me/c/2613583520/85209
Screenshots:
None
Threat Actors: Dataxlogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of 2 million Claude API tokens
Category: Data Leak
Content: A threat actor claims to be leaking 2 million Claude API tokens on a cybercrime forum. The content is hidden behind a registration/login wall. If valid, these tokens could be used for unauthorized access to Anthropics Claude AI API.
Date: 2026-05-19T22:31:48Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9D%A4%EF%B8%8F-claude-api-tokens-2-million-ai-tokies-%E2%9D%A4%EF%B8%8F-304211
Screenshots:
None
Threat Actors: JVZU
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com - Sale of 35K Hotmail combo list
Category: Combo List
Content: A forum user is offering a private Hotmail combo list containing approximately 35,000 credential pairs. The content is hidden behind a login/registration wall. No additional details about the data source or format are available.
Date: 2026-05-19T22:31:17Z
Network: openweb
Published URL: https://patched.to/Thread-35k-hotmail-private-combolist
Screenshots:
None
Threat Actors: bygbb
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ combo list
Category: Combo List
Content: A forum post by CicadaHunter on Cracked.st advertises a UHQ combo list containing 30 entries. No additional details or content were available in the post.
Date: 2026-05-19T22:23:31Z
Network: openweb
Published URL: https://cracked.st/Thread-UHQ-30x
Screenshots:
None
Threat Actors: CicadaHunter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of European mixed combo list with 23,847 credentials
Category: Combo List
Content: A threat actor on a cracking forum has shared or is offering a mixed European combo list containing approximately 23,847 email:password pairs. The list is described as private and full access (FA). No specific victim organization or breach source is identified.
Date: 2026-05-19T22:19:20Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-23-847-Private-FA-Europa-Mixed-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting Hotmail, Yahoo, and Orange users
Category: Combo List
Content: A combo list containing approximately 192,346 email:password pairs targeting Hotmail.fr, Yahoo, and Orange accounts has been shared on a cracking forum. The credentials are marketed as fresh leaks suitable for credential stuffing. No specific breach source or victim organization is identified.
Date: 2026-05-19T22:18:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-192-346-hotmail-fr-yahoo-orange-Fresh-Leaks-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - China combo list with 17,000 credentials
Category: Combo List
Content: A threat actor shared a combo list reportedly containing 17,000 email and password pairs associated with Chinese accounts. The post was made on a public cracking forum. No specific victim organization or breach source was identified.
Date: 2026-05-19T22:17:30Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-17k-China-Private-Combolist
Screenshots:
None
Threat Actors: BygBB
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Australia combo list with 27,000 credentials
Category: Combo List
Content: A combo list of approximately 27,000 Australian email and password pairs has been shared on a cracking forum. The credentials are described as private and may be used for credential stuffing attacks against various online services.
Date: 2026-05-19T22:16:59Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-27k-Australia-Private-Combolist
Screenshots:
None
Threat Actors: BygBB
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged hacking services offering Telegram, email, iCloud, and website compromise
Category: Cyber Attack
Content: User @sureciphern advertising illegal hacking services including Telegram account hacking, mobile phone hacking, website hacking, iCloud compromise, email hacking, IP camera hacking, Snapchat hacking, LinkedIn account rental/hacking, Reddit account rental/hacking, and stolen funds recovery services. Contact via Telegram for engagement.
Date: 2026-05-19T22:16:40Z
Network: telegram
Published URL: https://t.me/c/2613583520/85207
Screenshots:
None
Threat Actors: sureciphern
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of GMX combo list with 16,000 credentials
Category: Combo List
Content: A forum user is offering a private combo list of 16,000 GMX email credentials. The list appears to contain email and password pairs. No further details are available from the post content.
Date: 2026-05-19T22:16:18Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-16k-GMX-Private-Combolist
Screenshots:
None
Threat Actors: BygBB
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - RDP hosting service advertised on cybercrime forum
Category: Services
Content: A forum user operating under the alias Timi999 is advertising a commercial RDP hosting service called CELERHOST, with plans starting at 9.99€. The service is promoted as secure and includes a 10% discount code. Support and custom plans are available via Telegram.
Date: 2026-05-19T22:15:06Z
Network: openweb
Published URL: https://patched.to/Thread-nova-%E2%9D%84%EF%B8%8F-celerhost-1-rdp-provider-starting-at-9-99%E2%82%AC-100-secure-start10-10-off
Screenshots:
None
Threat Actors: Timi999
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Russian combo list with 13,000 credentials
Category: Combo List
Content: A forum member is sharing a private combo list purportedly containing 13,000 credential pairs associated with Russian accounts. The content is hidden behind a registration or login requirement. No specific victim organization or service is identified.
Date: 2026-05-19T22:13:45Z
Network: openweb
Published URL: https://patched.to/Thread-13k-russia-private-combolist
Screenshots:
None
Threat Actors: bygbb
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Japan combo list with 37,000 credentials
Category: Combo List
Content: A forum user is distributing a combo list of approximately 37,000 credentials reportedly associated with Japanese accounts. The content is hidden behind a registration/login wall. No specific victim organization or breach source is identified.
Date: 2026-05-19T22:13:12Z
Network: openweb
Published URL: https://patched.to/Thread-37k-japan-private-combolist
Screenshots:
None
Threat Actors: bygbb
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Italian combo list with 30,000 credentials
Category: Combo List
Content: A threat actor is sharing a private combo list of approximately 30,000 Italian credentials on a cybercrime forum. The content is gated behind registration or login. No specific victim organization or service is identified.
Date: 2026-05-19T22:12:40Z
Network: openweb
Published URL: https://patched.to/Thread-30k-italy-private-combolist
Screenshots:
None
Threat Actors: bygbb
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Netherlands combo list with 18,000 credentials
Category: Combo List
Content: A forum user is sharing a private combo list purportedly containing 18,000 credentials associated with Netherlands-based accounts. The content is hidden behind a registration or login wall. No specific victim organization or service is identified.
Date: 2026-05-19T22:12:08Z
Network: openweb
Published URL: https://patched.to/Thread-18k-netherlands-private-combolist
Screenshots:
None
Threat Actors: bygbb
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged illegal hacking services and stolen database sales advertisement
Category: Cyber Attack
Content: User CIPHERN advertising illegal services including Telegram hacking, mobile phone hacking, website hacking, iCloud hacking, email hacking, and account compromises (Snapchat, LinkedIn, Reddit). Contact handle @sureciphern__. Additionally, user Num advertising fresh stolen databases from multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with keyword searching capabilities for e-commerce platforms (eBay, Amazon, Walmart, Alibaba, Mercari, etc.) and webmail access.
Date: 2026-05-19T22:12:02Z
Network: telegram
Published URL: https://t.me/c/2613583520/85188
Screenshots:
None
Threat Actors: CIPHERN
Victim Country: Unknown
Victim Industry: Multiple (technology, e-commerce, telecommunications)
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 191K Mexico email:password credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 191,000 email:password credential pairs reportedly associated with Mexico. The credentials are marketed as fresh and high quality, shared via a hidden content link on the forum and promoted through a Telegram channel.
Date: 2026-05-19T22:06:51Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-191-K-Combo-%E2%9C%AA-Mexico-%E2%9C%AA-19-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting Latvia with 85K+ credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 85,000+ email:password pairs associated with Latvia, marketed as fresh and high quality. The list is available to registered forum members via hidden content. The actor also promotes a Telegram channel for additional credential listings.
Date: 2026-05-19T22:06:21Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-85-K-Combo-%E2%9C%AA-Latvia-%E2%9C%AA-19-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Latvia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Malaysia email:password combo list shared on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 58,000 email:password pairs purportedly associated with Malaysian accounts, marketed as fresh and high quality. The credentials are available to registered forum members via hidden content. The post also references a Telegram channel for additional logs.
Date: 2026-05-19T22:05:49Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-58-K-Combo-%E2%9C%AA-Malaysia-%E2%9C%AA-19-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list targeting Montenegro distributed on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 49,000 email:password pairs purportedly associated with Montenegro, marketed as fresh and high quality. The credentials are available to registered forum members and the actor promotes additional content via a Telegram channel.
Date: 2026-05-19T22:05:19Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-49-K-Combo-%E2%9C%AA-Montenegro-%E2%9C%AA-19-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Montenegro
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list targeting Kenya distributed on cybercrime forum
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 19,000 email:password credential pairs purportedly associated with Kenyan users, dated May 19, 2026. The credentials are marketed as fresh and high quality. The post references a Telegram channel for additional credential content.
Date: 2026-05-19T22:04:46Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-19-K-Combo-%E2%9C%AA-Kenya-%E2%9C%AA-19-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting Lithuania with 21K email:password credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 21,000 email:password credential pairs associated with Lithuanian accounts, marketed as fresh and high quality. The credentials were posted on a cybercrime forum with access restricted to registered users. The actor also promoted a Telegram channel for additional credential content.
Date: 2026-05-19T22:04:08Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-21-K-Combo-%E2%9C%AA-Lithuania-%E2%9C%AA-19-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list targeting Micronesia distributed on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 13,000 email:password pairs purportedly associated with Micronesia, dated May 19, 2026. The credentials are marketed as fresh and high quality. The post directs users to a Telegram channel for additional logs.
Date: 2026-05-19T22:03:33Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-13-K-Combo-%E2%9C%AA-Micronesia-%E2%9C%AA-19-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of alleged data breach of Argentinas Mendoza Judicial Intranet (jus.mendoza.gov.ar)
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset of approximately 478,000 records originating from the Mendoza provincial judiciary intranet in Argentina. The dataset is structured across three sections — Contacts, Legal Case Participants, and Communication Logs — containing national IDs, personal and work emails, phone numbers, home addresses, job titles, case participation details, and communication records. The seller is asking $1,200 and has provided sample download links.
Date: 2026-05-19T22:01:17Z
Network: openweb
Published URL: https://breached.st/threads/478k-argentina-https-intranet-jus-mendoza-gov-ar-legal-personnel-records-including-contacts-ids-emails-job-titles.87401/unread
Screenshots:
None
Threat Actors: Databasehooligan
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Poder Judicial de Mendoza
Victim Site: intranet.jus.mendoza.gov.ar - Alleged data breach of MiClub Australia — member contacts, event bookings, and payment records
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from miclub.com.au, an Australian golf club management platform, containing approximately 485,000 records. The dataset spans three sections: member personal and contact details (including date of birth, address, and GolfLink ID), event booking records, and membership payment transactions including billing addresses and financial metadata. The data is described as fresh and organized across interconnected tables.
Date: 2026-05-19T22:00:46Z
Network: openweb
Published URL: https://breached.st/threads/485k-australia-https-www-miclub-com-au-member-contacts-and-subscription-details-database.87402/unread
Screenshots:
None
Threat Actors: Databasehooligan
Victim Country: Australia
Victim Industry: Sports & Recreation
Victim Organization: MiClub
Victim Site: miclub.com.au - Alleged sale of infostealer logs and mail access across multiple countries
Category: Logs
Content: Threat actor operating as @DataxLogs advertising stolen mail access and infostealer materials (configs, scripts, tools, combo lists, hits) for victims in France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. Contact via Telegram for purchases.
Date: 2026-05-19T21:50:50Z
Network: telegram
Published URL: https://t.me/c/2613583520/85183
Screenshots:
None
Threat Actors: DataxLogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of European mixed combo list with 55,004 credentials
Category: Combo List
Content: A threat actor shared a mixed European email:password combo list containing approximately 55,004 credential pairs on a cracking forum. The list is described as private and full access (FA), suggesting credentials may not have been widely circulated. No specific victim organization or breach source is identified.
Date: 2026-05-19T21:36:22Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-55-004-Private-FA-Europa-Mixed-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list targeting .gov domains distributed on cracking forum
Category: Combo List
Content: A threat actor distributed a combo list of approximately 2.3 million credentials associated with .gov domains on a cracking forum. The list is described as freshly checked and AntiPublic-checked, suggesting it has been filtered for previously unseen or valid credentials. The post is sponsored by RogenCloud and includes a download link.
Date: 2026-05-19T21:36:03Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8-2-3M-gov-Combolist-1-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
Screenshots:
None
Threat Actors: RogenPlay
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed email credential combo list
Category: Combo List
Content: A forum user is sharing or selling a combo list of 1,359 mixed email and password credentials on a cracking forum. The post advertises the credentials as high quality with unspecified keyword targets. No specific victim organization is identified.
Date: 2026-05-19T21:35:32Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9D%84%E2%9D%84-1359x-HQ-MIXED-MAILS-%E2%9D%84%E2%9D%84-KEYWORD-TARGETS
Screenshots:
None
Threat Actors: VALID_HITS99
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of private email access combo list with 55,004 credentials
Category: Combo List
Content: A combo list advertised as containing 55,004 private email:password credentials with full access (FA) is being shared on a cracking forum. The post is attributed to user AiCombo and is categorized as a mail access combolist. No additional details about the source or targeted services are available.
Date: 2026-05-19T21:14:04Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-55-004-Private-FA-Mail-Access-Combolist–2096524
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Brazzers account credentials
Category: Combo List
Content: A threat actor is offering Brazzers accounts for sale on a cracking forum, advertising instant access. The post does not specify the record count or method of compromise.
Date: 2026-05-19T21:13:29Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90-Best-Price-Brazzers-Accounts-%E2%80%93-Instant-Access%E2%AD%90
Screenshots:
None
Threat Actors: ChaosEnvy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Lockstation.co.uk
Category: Data Leak
Content: A threat actor has freely leaked a CSV database allegedly belonging to Lockstation.co.uk, a UK-based lock supplier. The dataset contains approximately 132,759 rows covering 65,000 users, including billing and delivery addresses, customer emails, order totals, and payment method details. The data is dated 2024.
Date: 2026-05-19T21:04:13Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Lockstation-co-uk-leak
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: United Kingdom
Victim Industry: Retail
Victim Organization: Lockstation
Victim Site: lockstation.co.uk - Free combo list of 6,750 mixed email credentials
Category: Combo List
Content: A threat actor has shared a combo list containing 6,750 mixed email credentials on a leak forum. The content is hidden behind a registration or login wall. No specific victim organization or breach source is identified.
Date: 2026-05-19T20:51:35Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%85%E2%9A%A16750x-MIXMAIL%E2%9A%A1%E2%9C%85
Screenshots:
None
Threat Actors: VaultAdmin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of credential combo list targeting Steam
Category: Combo List
Content: A forum user is sharing a credential combo list marketed as hits against Steam accounts. The actual content is hidden behind a login/registration wall, so specific record counts and data details are not available.
Date: 2026-05-19T20:50:29Z
Network: openweb
Published URL: https://patched.to/Thread-hit-steam
Screenshots:
None
Threat Actors: xHitCheap
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free Outlook and Hotmail combo list with 2,557 lines
Category: Combo List
Content: A threat actor has shared a combo list of 2,557 credential pairs described as mixed logs targeting Outlook and Hotmail accounts. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-19T20:50:00Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2-557-lines-good-combo-mixed-logs-outlook-hotmail
Screenshots:
None
Threat Actors: cloudkaraoke
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of corporate email:password combo list
Category: Combo List
Content: A forum post on NulledBB advertises a corporate-targeted email:password combo list. No post content is available; details are limited to the thread title indicating corporate email credentials. No specific victim organization or record count is identified.
Date: 2026-05-19T20:41:10Z
Network: openweb
Published URL: https://nulledbb.com/thread-CORPORATE-TARGET-HQ-EMAILPASS-COMBOLIST-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Japan HQ Email:Password Combo List
Category: Combo List
Content: A threat actor shared a combo list advertised as high-quality Japan email:password credentials. The post was made on a cracking forum. No further details are available from the post content.
Date: 2026-05-19T20:40:30Z
Network: openweb
Published URL: https://nulledbb.com/thread-JAPAN-HQ-EMAILPASS-COMBOLIST-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed credential combo list with 27K records
Category: Combo List
Content: A threat actor shared a download link containing approximately 27,000 mixed email:password credentials. The post offers the combo list as valid access, marketed for credential stuffing use.
Date: 2026-05-19T20:40:15Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-27K-MIXED-VALID-ACCESS
Screenshots:
None
Threat Actors: COYYT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Outlook.com email:password combo list
Category: Combo List
Content: A thread on NulledBB advertises an Outlook.com email:password combo list. No post content is available to confirm record count, pricing, or origin of the credentials.
Date: 2026-05-19T20:39:55Z
Network: openweb
Published URL: https://nulledbb.com/thread-OUTLOOK-COM-HQ-EMAILPASS-COMBOLIST-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Poland HQ email:password combo list
Category: Combo List
Content: A threat actor shared a combo list described as high-quality Polish email:password credentials. No further details about record count or source are available from the post content.
Date: 2026-05-19T20:39:27Z
Network: openweb
Published URL: https://nulledbb.com/thread-POLAND-HQ-EMAILPASS-COMBOLIST-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of stealer logs mix
Category: Logs
Content: A threat actor known as fatetraffic has shared a free download of 1,500 mixed stealer logs dated May 19, 2026, via a file-sharing platform. The post includes a download link and password, suggesting the logs contain credentials and session data harvested by info-stealer malware.
Date: 2026-05-19T20:39:23Z
Network: openweb
Published URL: https://cracked.st/Thread-FATETRAFFIC-1500-MIX-19-05-2026-STEALER-LOGS
Screenshots:
None
Threat Actors: fatetraffic
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 550K URL:Log:Pass Credentials
Category: Combo List
Content: A combo list containing approximately 550,000 URL:username:password credential pairs was shared on a cracking forum. The post is dated 20 May and appears to offer the credentials as a free release. No specific victim organization or industry is identified.
Date: 2026-05-19T20:39:11Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90550K-URL-LOG-PASS%E2%AD%9020-MAY
Screenshots:
None
Threat Actors: Posts
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Yahoo.com email:password combo list
Category: Combo List
Content: A forum user shared a Yahoo.com email:password combo list on a cracking forum. No post content is available; details on record count, price, or origin are unknown.
Date: 2026-05-19T20:39:06Z
Network: openweb
Published URL: https://nulledbb.com/thread-YAHOO-COM-HQ-EMAILPASS-COMBOLIST-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of email:password combo list targeting Epic Games accounts
Category: Combo List
Content: A threat actor is distributing a combo list of 30,000 email and password pairs marketed as fresh and suitable for credential stuffing against Epic Games accounts. The data appears to be sourced from previously leaked databases rather than a direct breach of Epic Games. The post was shared on a public cracking forum.
Date: 2026-05-19T20:38:30Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90-30-000-%E2%AD%90-MAILPASS-%E2%9A%A1UHQ-DATABASE-GOOD-FOR-EPIC-GAMES%E2%9A%A1-FRESH-DATA
Screenshots:
None
Threat Actors: ZEWS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of combo list marketed for Reddit credential stuffing
Category: Combo List
Content: A threat actor is distributing a mailpass combo list of approximately 40,000 email and password pairs, marketed as suitable for credential stuffing against Reddit. The credentials are described as fresh and of high quality (UHQ).
Date: 2026-05-19T20:38:13Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90-40-000-%E2%AD%90-MAILPASS-%E2%9A%A1UHQ-DATABASE-GOOD-FOR-REDDIT%E2%9A%A1-FRESH-DATA
Screenshots:
None
Threat Actors: ZEWS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 60,000 email:password credentials for X and Microsoft
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 60,000 email and password pairs marketed as UHQ and fresh, suitable for credential stuffing against X and Microsoft services. The post is categorized as a combo list and does not represent a breach of either named platform.
Date: 2026-05-19T20:37:55Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90-60-000-%E2%AD%90-MAILPASS-%E2%9A%A1UHQ-DATABASE-GOOD-FOR-X-AND-MICROSOFT%E2%9A%A1-FRESH-DATA
Screenshots:
None
Threat Actors: ZEWS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting Roblox
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 52,000 email:password pairs marketed as suitable for credential stuffing against Roblox. The credentials are advertised as fresh and high quality.
Date: 2026-05-19T20:37:37Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90-52-000-%E2%AD%90-MAILPASS-%E2%9A%A1UHQ-DATABASE-GOOD-FOR-ROBLOX-%E2%9A%A1-FRESH-DATA
Screenshots:
None
Threat Actors: ZEWS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of HQ mixed mail access combo list
Category: Combo List
Content: A forum user is sharing a combo list of 2,500 mixed mail access credentials. The content is gated behind registration or login. No specific victim organization or breach source is identified.
Date: 2026-05-19T20:28:51Z
Network: openweb
Published URL: https://patched.to/Thread-2-5k-hq-mixed-mail-access-combolist-304171
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - OpSec inquiry regarding AI API reseller usage for malware development
Category: Chatter
Content: A forum user on Dreads OpSec board is asking about operational security when using an OpenAI API reseller service (anonkey.st) for malware development within a Whonix virtualized environment. The post contains no specific victim, breach, or threat artifact — it is an OpSec question from a self-described malware developer. No actionable threat intelligence is present beyond the acknowledgment of malware development activity.
Date: 2026-05-19T20:28:29Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/15c1cfef4a41286e0717
Screenshots:
None
Threat Actors: kznsma04 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 10,000 business/corporate email credentials
Category: Combo List
Content: A threat actor distributed a combo list of approximately 10,000 business and corporate email credentials on a public cracking forum. The data is described as previously shared in private groups 4–7 days before public release. No specific victim organization or sector is identified.
Date: 2026-05-19T20:27:50Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9D%97%EF%B8%8F10k-BUSINESS-CORP-MAIL-ACCESS-MIX%E2%9D%97%EF%B8%8F-18-05
Screenshots:
None
Threat Actors: SecureTrax
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 10,721 credentials
Category: Combo List
Content: A combo list of 10,721 email:password credentials, marketed as private and fresh, was shared on a cracking forum. The post is titled Private FA Good Line Fresh, suggesting the credentials may be targeted at full-access account verification.
Date: 2026-05-19T20:27:32Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-10-721-Private-FA-Good-Line-Fresh
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Hotmail Combo List with 404K Lines
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 404,634 email:password lines targeting Hotmail.com accounts. The credentials are marketed as high quality. No specific breach victim is identified; this appears to be a credential stuffing list aggregated from multiple sources.
Date: 2026-05-19T20:27:16Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-404-634-Lines-%E2%9C%85-Hotmail-com-Combolist-HQ-LEaks
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of South Korea used car market database
Category: Data Leak
Content: A threat actor leaked a sample of an alleged South Korean used car marketplace database containing approximately 28,000 structured records. The dataset includes customer full names, email addresses, phone numbers, addresses, government/dealer IDs, shop and employee records, and demographic data. The actor advertises additional premium databases via a Telegram channel.
Date: 2026-05-19T20:23:27Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-South-Korea-Used-Car-Market-Database
Screenshots:
None
Threat Actors: Vyntra
Victim Country: South Korea
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of randomly generated identity data including financial and tracking information
Category: Data Leak
Content: A forum user is sharing hidden content purportedly containing randomly generated identity data including names, countries, phone numbers, financial details, online accounts, and tracking numbers. The content is gated behind a reply requirement. No specific victim organization or breach source is identified.
Date: 2026-05-19T20:17:24Z
Network: openweb
Published URL: https://altenens.is/threads/your-randomly-generated-identity-name-country-number-finance-online-tracking-numbers.2942866/unread
Screenshots:
None
Threat Actors: popfizz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of combo list targeting crypto, casino, and PayPal services
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 745,000 credentials advertised as suitable for credential stuffing against crypto, casino, and PayPal platforms. The post promotes a commercial combo cloud service offering private lines and high-quality data via Telegram. No specific breached organization is identified.
Date: 2026-05-19T20:14:49Z
Network: openweb
Published URL: https://breached.st/threads/high-voltage745k-crypto-casino-paypalhigh-voltageprivate-base-good-on-any-targethigh-voltage.87397/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of combo list targeting crypto, casino, and PayPal services
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 773,000 credential lines advertised as targeting crypto, casino, and PayPal services. The credentials are marketed as fresh, unique, and sourced from dehashed private lines. The post promotes a Telegram-based combo cloud service offering similar content.
Date: 2026-05-19T20:14:17Z
Network: openweb
Published URL: https://breached.st/threads/773k-high-voltagecrypto-casino-paypalhigh-voltagehigh-quality-private-high-voltagedehashed-lineshigh-voltagefresh-and-uniquehigh-voltage.87398/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of USA educational sector combo list with 685K lines
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 685,000 lines purportedly sourced from US educational sector accounts, marketed as dehashed, fresh, and unique. The post promotes a Telegram-based combo cloud service offering private credential lines. No specific victim organization is identified.
Date: 2026-05-19T20:13:46Z
Network: openweb
Published URL: https://breached.st/threads/685k-high-voltageusa-educationalhigh-voltagehigh-quality-private-high-voltagedehashed-lineshigh-voltagefresh-and-uniquehigh-voltage.87400/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of GitHub internal source code and private repositories
Category: Data Breach
Content: A threat actor operating under the alias TeamPCP is offering for sale alleged internal GitHub source code and private organization repositories, claiming approximately 4,000 private repos are included. The actor is requesting offers above $50,000, stating only one buyer will be accepted, and threatening to leak the data for free if no buyer is found. Samples are offered for verification of authenticity.
Date: 2026-05-19T20:12:51Z
Network: openweb
Published URL: https://breached.st/threads/internal-github-source-code.87395/unread
Screenshots:
None
Threat Actors: TeamPCP
Victim Country: United States
Victim Industry: Technology
Victim Organization: GitHub
Victim Site: github.com - Sale of CIBC Bank fullz on carding forum
Category: Carding
Content: A threat actor on a dark web carding forum is advertising CIBC Bank fullz, described as fresh and working. The post is gated behind registration, limiting visibility into the full scope or pricing. Fullz typically include complete personal and financial account details usable for fraud.
Date: 2026-05-19T19:56:52Z
Network: openweb
Published URL: https://darkpro.net/threads/cibc-bank-fullz-fresh-working-by-carding-forum.23194/
Screenshots:
None
Threat Actors: CC-GuRu
Victim Country: Canada
Victim Industry: Finance
Victim Organization: CIBC Bank
Victim Site: cibc.com - Sale of combo list targeting Walmart, Etsy, and Amazon
Category: Combo List
Content: A threat actor is offering a combo list of approximately 739,000 credential lines marketed as high quality and fresh, intended for credential stuffing against Walmart, Etsy, and Amazon. The post advertises the content as dehashed lines distributed via a Telegram channel.
Date: 2026-05-19T19:55:06Z
Network: openweb
Published URL: https://crackingx.com/threads/75819/
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Coinbase with 1 million customer records
Category: Data Breach
Content: A threat actor is selling an alleged dataset of 1 million Coinbase customer records for $700. The data purportedly includes full names, email addresses, physical addresses, phone numbers, IP addresses, gender, and detailed financial transaction data including deposit and withdrawal totals and annual income. Sample records were provided as proof.
Date: 2026-05-19T19:52:54Z
Network: openweb
Published URL: https://darkpro.net/threads/1-million-coin-base-leaks-2026.23196/
Screenshots:
None
Threat Actors: ⭐ RED✘ ⭐
Victim Country: United States
Victim Industry: Finance
Victim Organization: Coinbase
Victim Site: coinbase.com - Combo List of 50,329 credentials
Category: Combo List
Content: A combo list of 50,329 email:password credentials marketed as private, fresh, and with good lines for full access (FA) accounts. The list was shared on a public cracking forum. No specific victim organization or service is identified.
Date: 2026-05-19T19:51:05Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-50-329-Private-FA-Good-Line-Fresh
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 6,485 mixed mail access credentials for EU and Asia regions
Category: Combo List
Content: A threat actor shared a combo list of 6,485 email:password credentials targeting EU and Asia regions. The list is made available as a free download on the forum.
Date: 2026-05-19T19:50:48Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-6-485-GOOD-COMBO-MIX-MAIL-ACCESS-EU-ASIA
Screenshots:
None
Threat Actors: kccloud01
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of gaming combo list targeting Xbox and PSN accounts
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 752,000 email:password credentials marketed as high quality and fresh, targeting Xbox and PlayStation Network gaming accounts. The post describes the lines as dehashed and unique. The named gaming platforms are credential-stuffing targets, not breach victims.
Date: 2026-05-19T19:50:31Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-752K-%E3%80%8D%E2%9A%A1XBOX-PSN-GAMING%E2%9A%A1HIGH-QUALITY-PRIVATE-%E2%9A%A1DEHASHED-LINES%E2%9A%A1FRESH-AND-UNIQUE%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 757K credentials targeting Twitter and Reddit
Category: Combo List
Content: A threat actor is freely distributing a combo list of approximately 757,000 email:password credentials described as a private base suitable for use against any target, with Twitter and Reddit mentioned as intended targets. The post was shared on a public cracking forum by the user MetaCloud3.
Date: 2026-05-19T19:50:09Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1757K-TWITTER-REDDIT%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANY-TARGET%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: 3,396 Mixed Mail Access Credentials
Category: Combo List
Content: A user on a leak forum is sharing a combo list containing 3,396 mixed mail access credentials. The content is hidden behind a registration or login wall. No specific victim organization or breach source is identified.
Date: 2026-05-19T19:44:19Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-3396x-Mix-Mail-Access-Vault
Screenshots:
None
Threat Actors: RyuuLord
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - 766K FedEx/UPS combo list freely shared on forum
Category: Combo List
Content: A threat actor operating as MetaCloud is distributing a combo list of approximately 766,000 credentials marketed as a private base suitable for use against any target, including FedEx and UPS services. The content is gated behind forum registration or login. No specific breach victim is identified; the named services are credential-stuffing targets, not the source of the breach.
Date: 2026-05-19T19:43:55Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1766K-FEDEX-UPS%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANY-TARGET%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 753K mail access combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 753,000 mail access credentials, advertised as a private base suitable for use against any target. The post promotes a combo cloud service offering high-quality data via a Telegram channel.
Date: 2026-05-19T19:41:23Z
Network: openweb
Published URL: https://breached.st/threads/high-voltage753k-mail-accesshigh-voltageprivate-base-good-on-any-targethigh-voltage.87390/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Disney+ and Hulu credential combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 774,000 credential pairs marketed as high-quality, dehashed, fresh, and unique lines targeting Disney+ and Hulu accounts. The post promotes a Telegram-based combo cloud service offering private lines. Disney+ and Hulu are credential-stuffing targets, not the source of the breach.
Date: 2026-05-19T19:40:42Z
Network: openweb
Published URL: https://breached.st/threads/774k-high-voltagedisney-huluhigh-voltagehigh-quality-combohigh-voltagedehashed-lineshigh-voltagefresh-and-uniquehigh-voltage.87391/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of personal data including SSN, drivers licenses, passports, and combo lists
Category: Carding
Content: A threat actor is offering for sale a range of sensitive personal data including SSNs, SINs, drivers licenses, passport scans, company databases (with EIN/LLC details), consumer info, phone lists, email databases, and credential combos. The post advertises multiple data types across multiple regions with no specific victim organization identified. Contact is directed to a Telegram account.
Date: 2026-05-19T19:32:36Z
Network: openweb
Published URL: https://xforums.st/threads/drivers-license-ssn-passports-combo-emails-databases-llc-ein-ltd.615510/
Screenshots:
None
Threat Actors: jannat123
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of ULP combo list with 3.85 million lines
Category: Combo List
Content: A threat actor operating under the alias TurcoLeaksx has leaked a URL:Login:Password (ULP) combo list containing approximately 3.85 million lines. The dataset is described as high quality and has been made available for free on the forum. No specific victim organization or targeted service is identified.
Date: 2026-05-19T19:31:16Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%AD%90ULP-URL-LOGIN-PASS-PRIVATE-3-85M-LINES%E2%AD%90HQ%E2%AD%90LEAKED%E2%AD%90-TurcoLeaksx%E2%AD%90
Screenshots:
None
Threat Actors: ChaosEnvy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List with 27.86 million URL:Log:Pass credentials
Category: Combo List
Content: A threat actor is distributing a URL:LOG:PASS combo list containing approximately 27.86 million credential pairs, marketed as UHQ (ultra-high quality). No specific victim organization or service is identified in the post.
Date: 2026-05-19T19:30:56Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-27-86-M-UHQ-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: deeped
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 170K UHQ mixed mail combo list
Category: Combo List
Content: A threat actor is sharing a mixed mail combo list containing approximately 170,000 credentials, marketed as fresh and high quality. The post is sponsored by slateaio.com, suggesting use with credential-stuffing tools.
Date: 2026-05-19T19:30:19Z
Network: openweb
Published URL: https://cracked.st/Thread-170K-UHQ-MIXED-MAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of combo list with 3.85 million credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 3.85 million URL:login:password (ULP) credentials. The content is gated behind registration or login on the forum. No specific victim organization is identified.
Date: 2026-05-19T19:30:04Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90u-l-p-3-85m-private-turcoleaksx%E2%AD%90
Screenshots:
None
Threat Actors: XELA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Gmail combo list with 65,000 credentials
Category: Combo List
Content: A threat actor is sharing a combo list marketed as 65,000 UHQ Gmail credentials described as fresh. The post is sponsored by a third-party AIO service. The named service is a credential-stuffing target, not the breach victim.
Date: 2026-05-19T19:29:58Z
Network: openweb
Published URL: https://cracked.st/Thread-65K-UHQ-GMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of European mix combo list with 11,013 credentials
Category: Combo List
Content: A combo list containing approximately 11,013 semi-valid email:password credential pairs of European origin was shared on a cracking forum. The list is described as a mixed European combo, likely intended for credential stuffing. No specific victim organization is identified.
Date: 2026-05-19T19:29:39Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-11-013-Semi-Valide-FA-Europa-Mix-Combo
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed email account credentials
Category: Combo List
Content: A threat actor is offering 688 allegedly valid mixed email account credentials. The content is hidden behind a registration or login requirement on the forum. No specific victim organization or breach source is identified.
Date: 2026-05-19T19:29:28Z
Network: openweb
Published URL: https://patched.to/Thread-688-full-valid-mix-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List — 2,076 Hotmail credentials
Category: Combo List
Content: A forum user is distributing a combo list containing 2,076 Hotmail credentials. The content is hidden behind a registration or login wall. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-19T19:29:24Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-2076x-Hotmail-Access-Vault
Screenshots:
None
Threat Actors: RyuuLord
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: Hotmail credentials
Category: Combo List
Content: A combo list containing 2,076 Hotmail credentials was shared on a cracking forum. The post is categorized based on the thread title, as no additional content was available. These credentials are likely intended for credential stuffing or account takeover activity.
Date: 2026-05-19T19:29:13Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-2076x-Hotmail-Access-Vault
Screenshots:
None
Threat Actors: RyuuMaster
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: Hotmail credential list with 151 alleged valid accounts
Category: Combo List
Content: A threat actor is distributing a combo list of 151 alleged valid Hotmail email account credentials. The content is hidden behind a registration or login wall on the forum. No specific breach victim is identified; the named service is a credential-stuffing target.
Date: 2026-05-19T19:29:06Z
Network: openweb
Published URL: https://patched.to/Thread-151-full-valid-hotmail-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail combo list with 151 valid accounts
Category: Combo List
Content: A threat actor is offering a combo list of 151 claimed valid Hotmail email account credentials. The post is categorized under combolists and marketed as fully valid mail access. No further details are available from the post content.
Date: 2026-05-19T19:28:54Z
Network: openweb
Published URL: https://cracked.st/Thread-151-FULL-VALID-HOTMAIL-MAIL-ACCESS
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list with 237 valid accounts
Category: Combo List
Content: A forum user is offering 237 allegedly valid Hotmail email account credentials. The content is hidden behind a registration or login wall. These credentials are marketed as fully valid mail access.
Date: 2026-05-19T19:28:50Z
Network: openweb
Published URL: https://patched.to/Thread-237-full-valid-hotmail-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list distribution: Verity Vault Mix Mail Drop
Category: Combo List
Content: A threat actor on a cybercrime forum is distributing a combo list containing 4,754 email and password combinations marketed as a mixed mail drop. The content is hidden behind a login/registration wall, limiting visibility into the full dataset.
Date: 2026-05-19T19:28:30Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%EF%B8%8F-4754x-verity-vault-mix-mail-drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: VerityVault
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 20K corporate-targeted combo list
Category: Combo List
Content: A threat actor operating under the handle CELESTIALHQ is distributing a combo list of approximately 20,000 email:password pairs marketed as corporate-targeted. The credentials are offered freely to registered forum members, with personal purchase options also available. The post claims hits are assured, suggesting the list has been tested against corporate services.
Date: 2026-05-19T19:28:01Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85email-pass%E2%9C%85-%E2%AD%9020k-corp-targeted-combos%E2%AD%90-%E2%9C%85hits-assured%E2%9C%85-%E2%9A%A1drop-by-celestial%E2%9A%A1-304153
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of fresh URL:login:password combo list
Category: Combo List
Content: A forum user is offering a private URL:login:password combo list marketed as fresh. The actual content is hidden behind a registration or login wall, so no further details are available.
Date: 2026-05-19T19:27:40Z
Network: openweb
Published URL: https://patched.to/Thread-fresh-url-login-pass-private-304156
Screenshots:
None
Threat Actors: ZAMPARA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 264 valid mixed email account credentials
Category: Combo List
Content: A forum user is offering 264 allegedly valid mixed email account credentials behind a login/registration gate. The content is hidden and only accessible to registered forum members. No additional details about the email providers or data source are available.
Date: 2026-05-19T19:27:25Z
Network: openweb
Published URL: https://patched.to/Thread-264-full-valid-mix-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mix Mail Access Combo List
Category: Combo List
Content: A threat actor is distributing a combo list of 109,565 allegedly valid mixed email access credentials. The content is gated behind a reply requirement on the forum.
Date: 2026-05-19T19:27:19Z
Network: openweb
Published URL: https://altenens.is/threads/109565-full-valid-mix-mail-access.2942836/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list with 146 valid accounts
Category: Combo List
Content: A threat actor is distributing 146 alleged valid Hotmail email credentials on a forum, gated behind a reply requirement. The post advertises these as fully valid mail access credentials.
Date: 2026-05-19T19:26:50Z
Network: openweb
Published URL: https://altenens.is/threads/146-full-valid-hotmail-mail-access.2942837/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 820K USA combo list marketed for all targets
Category: Combo List
Content: A threat actor is distributing a combo list of 820,000 credentials purportedly sourced from US users, marketed as suitable for all targets. Access to the content is gated behind a reply requirement on the forum.
Date: 2026-05-19T19:26:15Z
Network: openweb
Published URL: https://altenens.is/threads/820k-usa-private-combo-good-for-all-targets.2942838/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 508K USA combo list marketed for all targets
Category: Combo List
Content: A threat actor on AE forum is distributing a combo list of 508,000 credentials purportedly sourced from US users, marketed as suitable for all targets. Access to the list requires a reply to the thread. No specific victim organization or service is identified.
Date: 2026-05-19T19:25:39Z
Network: openweb
Published URL: https://altenens.is/threads/508k-usa-private-combo-good-for-all-targets.2942839/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Discussion on Laravel framework vulnerabilities used by darknet markets
Category: Chatter
Content: A forum user on Dread is asking whether darknet markets such as DrugHub use the Laravel PHP framework and expressing concern about its known vulnerabilities. The post is speculative in nature and does not contain any specific exploit, access claim, or actionable threat intelligence.
Date: 2026-05-19T19:25:12Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/202c07ad2b60b483402c
Screenshots:
None
Threat Actors: manski26 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 500K Username:Login:Password Combo List
Category: Combo List
Content: A threat actor is distributing a combo list of 500,000 username:login:password credentials on a cybercrime forum. The post advertises hits assured, suggesting the credentials have been tested. Access to the list requires a reply to the thread.
Date: 2026-05-19T19:25:05Z
Network: openweb
Published URL: https://altenens.is/threads/check-mark-buttonu-l-pcheck-mark-button-star500k-full-private-u-l-pstar-check-mark-buttonhits-assuredcheck-mark-button.2942842/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Outlook combo list with 29K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 29,000 Outlook credentials, marketed as high quality and fresh. The post requires a reply to access the hidden content. Outlook is the credential-stuffing target, not the breach victim.
Date: 2026-05-19T19:24:30Z
Network: openweb
Published URL: https://altenens.is/threads/29k-uhq-outlook-combo-fresh.2942843/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 100K email:password combo list
Category: Combo List
Content: A threat actor is distributing a combo list of 100,000 email:password credential pairs, marketed as anti-public and private. Access to the hidden content requires a reply to the thread.
Date: 2026-05-19T19:23:53Z
Network: openweb
Published URL: https://altenens.is/threads/check-mark-buttonemail-passcheck-mark-button-star100k-full-anti-public-private-mailstar.2942845/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 50K phone number and password combo list derived from stealer logs
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 50,000 phone number and password pairs claimed to be derived from stealer logs. The post is gated behind a reply requirement and markets the credentials as high quality and private.
Date: 2026-05-19T19:23:13Z
Network: openweb
Published URL: https://altenens.is/threads/check-mark-buttonnum-passcheck-mark-button-star50k-private-hq-number-pass-from-logs-star.2942846/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale and distribution of mixed email combo lists via PandaCloud service
Category: Combo List
Content: A threat actor is advertising a Telegram-based service called PandaCloud offering free and paid mixed email databases, claimed to be fresh and regularly updated. A public combo list download link is shared alongside offers for private, unused databases available for purchase.
Date: 2026-05-19T19:22:42Z
Network: openweb
Published URL: https://crackingx.com/threads/75811/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Yahoo combo list with 38K credentials
Category: Combo List
Content: A threat actor on AE is distributing a combo list marketed as 38K UHQ Yahoo credentials. The content is gated behind a reply requirement. Yahoo is the credential-stuffing target, not the breach victim.
Date: 2026-05-19T19:22:35Z
Network: openweb
Published URL: https://altenens.is/threads/38k-uhq-yahoo-combo-fresh.2942847/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 1,000 EDU-targeted email:password combo list
Category: Combo List
Content: A forum user is distributing a combo list of approximately 1,000 email:password credentials targeted at educational institutions. The post markets the credentials as verified hits. Content is gated behind a reply requirement.
Date: 2026-05-19T19:22:12Z
Network: openweb
Published URL: https://altenens.is/threads/check-mark-buttonemail-passcheck-mark-button-star1k-edu-targeted-combosstar-check-mark-buttonhits-assuredcheck-mark-button.2942849/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Hotmail combo list with 83K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 83,000 Hotmail credentials, marketed as fresh and high quality. The list is gated behind a reply requirement and profile visit. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-19T19:21:41Z
Network: openweb
Published URL: https://altenens.is/threads/83k-uhq-hotmail-combo-fresh.2942850/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of personal data including SSNs, ID documents, and financial records
Category: Carding
Content: A threat actor is offering for sale a variety of personal data including ID cards, SSNs, drivers licenses, passports, bank card data, consumer databases, and email/password combinations. The seller directs buyers to a Telegram channel for transactions. No specific victim organization or record count is disclosed.
Date: 2026-05-19T19:21:32Z
Network: openweb
Published URL: https://crackingx.com/threads/75812/
Screenshots:
None
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of student attendance records from SMKN 1 Banjaragung
Category: Data Leak
Content: A threat actor operating under the alias Mr.SonicX, affiliated with Tegal Cyber Team, claims to have leaked the student attendance database from the SMKN 1 Banjaragung school application. The data is being distributed for free on a public forum.
Date: 2026-05-19T19:16:43Z
Network: openweb
Published URL: https://breached.st/threads/leaked-data-absensi-siswa-di-aplikasi-absensi-smkn1banjaragung.87389/unread
Screenshots:
None
Threat Actors: Mr.SonicX
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMKN 1 Banjaragung
Victim Site: app.smkn1banjaragung.sch.id - Combo List targeting Hotmail distributed via external file host
Category: Combo List
Content: A threat actor is distributing a combo list of Hotmail credentials described as fresh and fully valid via an external file-sharing link. The post promotes a Telegram channel offering both public and private email databases on a recurring basis.
Date: 2026-05-19T19:03:25Z
Network: openweb
Published URL: https://crackingx.com/threads/75810/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - OpSec Discussion on Anti-Forensic Data Storage Practices
Category: Chatter
Content: A forum user on a darknet OpSec board is soliciting advice on anti-forensic measures, specifically around VeraCrypt hidden volumes on microSD cards and Tails OS for storing darknet market credentials. The discussion covers wear leveling implications for VeraCrypt containers and physical destruction/concealment tactics during law enforcement raids. No specific victim, breach, or threat content is present.
Date: 2026-05-19T19:02:29Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/10484977fca110a0ee4a
Screenshots:
None
Threat Actors: guest37285926 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of private proxy or access cloud service on cracking forum
Category: Services
Content: A forum seller is advertising a subscription-based private cloud service, offering tiered membership plans ranging from $10 for 3-day access to $200 for lifetime access. The service claims to provide 4,000–12,000 daily fresh and untouched resources, likely proxies or combo lists for credential stuffing. No specific victim organization or target is identified.
Date: 2026-05-19T19:02:12Z
Network: openweb
Published URL: https://crackingx.com/threads/75806/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of mixed stealer logs and credentials
Category: Logs
Content: A threat actor is freely distributing 1.10GB of mixed stealer logs, credentials, and ULP combos via a Telegram channel. The post offers a free sample and promotes the channel as an all-in-one source for logs, mail access, and checkers. No specific victim organization is identified.
Date: 2026-05-19T18:59:20Z
Network: openweb
Published URL: https://cracked.st/Thread-1-10GB-Private-logs-Primedatanet
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list sample distributed on cracking forum
Category: Combo List
Content: A forum user shared a free sample of a mixed credential list (ULP/logs) on a cracking forum, directing users to a Telegram channel for additional content. The post advertises a mix of mail credentials, logs, and checkers with no specific victim organization identified.
Date: 2026-05-19T18:59:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Private-Ulp-From-Primedatanet-Good-For-all-2–2096434
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Advertisement for Telegram channel offering mixed credential and log content
Category: Services
Content: A forum user is advertising a Telegram channel purportedly offering a mix of mail lists, stealer logs, credential combos, and account checkers. The post includes a free sample incentive and directs users to the channel via a Telegram link. No specific victim organization or dataset is identified.
Date: 2026-05-19T18:58:43Z
Network: openweb
Published URL: https://cracked.st/Thread-SEARCH-ENGINES-FOR-TELEGRAM-CHANNELS
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list sample distributed via Telegram channel
Category: Combo List
Content: A threat actor is distributing a free sample of mixed credential content described as mail/logs/ULP (URL:Login:Password) combos via a Telegram channel. The post advertises the channel primedatanet as an all-in-one source for combo lists, logs, and checkers. No specific victim organization or record count is identified.
Date: 2026-05-19T18:58:27Z
Network: openweb
Published URL: https://cracked.st/Thread-Private-Ulp-From-Primedatanet-Good-For-all-1
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list sample distributed on cracking forum
Category: Combo List
Content: A threat actor operating as primedata is distributing a free sample of a mixed ULP (URL:Login:Password) combo list via a Telegram channel. The post promotes a channel offering mixed mail, logs, ULPs, and checkers. No specific victim organization or record count is identified.
Date: 2026-05-19T18:58:08Z
Network: openweb
Published URL: https://cracked.st/Thread-Private-Ulp-From-Primedatanet-Good-For-all-3–2096435
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 16K UHQ mixed email:password combo list
Category: Combo List
Content: A forum user is sharing or selling a combo list of approximately 16,000 email:password pairs marketed as UHQ (ultra-high quality) and valid. No specific victim organization or targeted service was identified in the post.
Date: 2026-05-19T18:57:41Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-16K-UHQ-MIX-VALID
Screenshots:
None
Threat Actors: Cloudredhat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 16K UHQ mix combo list
Category: Combo List
Content: A threat actor is distributing a combo list of 16,000 credentials marketed as UHQ (ultra-high quality) mix. Access to the content requires a reply to the thread.
Date: 2026-05-19T18:57:35Z
Network: openweb
Published URL: https://altenens.is/threads/16k-uhq-mix-valid.2942821/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of European email:password combo list
Category: Combo List
Content: A combo list containing approximately 55,004 European email and password pairs is being distributed on a cracking forum. The list is described as a private full-access Europa mix combo. No specific breached organization is identified.
Date: 2026-05-19T18:57:24Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-55-004-Private-FA-Europa-Mix-Combo
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of student attendance records from SMKN 1 Banjaragung
Category: Data Leak
Content: Student attendance data (absensi siswa) from SMKN 1 Banjaragungs attendance application has been leaked and shared on Breached Forums. The breach exposes personally identifiable information of students at this Indonesian vocational school.
Date: 2026-05-19T18:57:07Z
Network: telegram
Published URL: https://t.me/c/3528849141/317
Screenshots:
None
Threat Actors: mr-sonicx
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMKN 1 Banjaragung
Victim Site: Unknown - Free combo list sample targeting Germany
Category: Combo List
Content: A threat actor shared a free sample of a combo list advertised as high-quality Germany-focused credentials. The post promotes a Telegram channel offering mixed mail lists, logs, ULP combos, and checkers. No specific victim organization or record count was disclosed.
Date: 2026-05-19T18:57:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Private-HQ-Germany-3
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list of 2,534 mixed mail access credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 2,534 claimed valid mixed email account credentials. The content is hidden behind a reply-gate on the forum. No specific victim organization or breach source is identified.
Date: 2026-05-19T18:56:46Z
Network: openweb
Published URL: https://altenens.is/threads/2534-full-valid-mix-mail-access.2942832/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list mix mail sample shared on cracking forum
Category: Combo List
Content: A threat actor shared a free sample combo list described as a high-quality mixed mail collection on a cracking forum. The post directs users to a Telegram channel advertising mix mails, logs, ULP, and checkers. No specific victim organization or record count was identified.
Date: 2026-05-19T18:56:39Z
Network: openweb
Published URL: https://cracked.st/Thread-Private-Hq-Mix-Mails-5–2096444
Screenshots:
None
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of corporate email credentials containing 86,908 records
Category: Combo List
Content: A combo list advertised as containing 86,908 corporate email and password pairs was shared on a cracking forum. The post is attributed to user AiCombo and targets corporate email accounts. No additional details about the source or format of the credentials are available.
Date: 2026-05-19T18:56:21Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-86-908-Combolist-Corps-Mails
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed email access combo list with 2,534 entries
Category: Combo List
Content: A forum user is offering a combo list of 2,534 allegedly valid mixed email account credentials. The post is categorized as email access, suggesting the credentials may provide direct mailbox access. No additional details are available from the post content.
Date: 2026-05-19T18:56:03Z
Network: openweb
Published URL: https://cracked.st/Thread-2534-FULL-VALID-MIX-MAIL-ACCESS
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list of 1,849 mixed mail access credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 1,849 claimed valid mixed email account credentials. The post requires a reply to access the hidden content. No specific victim organization or targeted service is identified.
Date: 2026-05-19T18:55:56Z
Network: openweb
Published URL: https://altenens.is/threads/1849-full-valid-mix-mail-access.2942833/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed mail access combo list with 7,036 entries
Category: Combo List
Content: A threat actor is offering a combo list of 7,036 reportedly valid mixed mail access credentials on a cracking forum. The post title suggests the credentials are fully validated. No additional details about origin or affected services are available.
Date: 2026-05-19T18:55:47Z
Network: openweb
Published URL: https://cracked.st/Thread-7036-FULL-VALID-MIX-MAIL-ACCESS
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed email access combo list with 1,849 credentials
Category: Combo List
Content: A forum post on Cracked.st advertises 1,849 allegedly valid mixed email access credentials. No additional details are available regarding the source or composition of the credential list.
Date: 2026-05-19T18:55:30Z
Network: openweb
Published URL: https://cracked.st/Thread-1849-FULL-VALID-MIX-MAIL-ACCESS
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 7,999 mixed email account credentials
Category: Combo List
Content: A threat actor is sharing a combo list containing 7,999 allegedly valid mixed email account credentials. The post is categorized under combolists on a known cracking forum. No specific victim organization or breach source is identified.
Date: 2026-05-19T18:55:12Z
Network: openweb
Published URL: https://cracked.st/Thread-7999-FULL-VALID-MIX-MAIL-ACCESS
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is sharing or selling 536 allegedly valid Hotmail email account credentials. The post is categorized as a combo list based on the thread title, as no additional post content is available.
Date: 2026-05-19T18:54:51Z
Network: openweb
Published URL: https://cracked.st/Thread-536-FULL-VALID-HOTMAIL-MAIL-ACCESS
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail combo list with 345 valid credentials
Category: Combo List
Content: A forum user is offering 345 claimed valid Hotmail email account credentials. The post is categorized as a combo list based on thread title and forum context. No additional details are available in the post content.
Date: 2026-05-19T18:54:34Z
Network: openweb
Published URL: https://cracked.st/Thread-345-FULL-VALID-HOTMAIL-MAIL-ACCESS–2096452
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Hotmail credential combo list shared on forum
Category: Combo List
Content: A threat actor is sharing Hotmail credential hits on a combolist forum, with free drops available and private cloud access offered for purchase via Telegram. The post contains hidden content requiring registration to view, suggesting additional credential data is gated behind login.
Date: 2026-05-19T18:51:20Z
Network: openweb
Published URL: https://patched.to/Thread-uhq-hotmail-hits-304126
Screenshots:
None
Threat Actors: lundman01
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail combo list with 2,500 credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 2,500 Hotmail credentials, marketed as a drop under the Verity Vault branding. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-19T18:50:51Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%EF%B8%8F-2500x-verity-vault-hotmail-drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: VerityVault
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Universitas ITB (Institut Teknologi Bandung)
Category: Data Leak
Content: A threat actor using the handle CatNatXploit posted what is alleged to be data from Institut Teknologi Bandung (ITB), an Indonesian university, on the Breached forum. The post content is empty or unavailable, so the nature, volume, and format of the alleged data cannot be confirmed.
Date: 2026-05-19T18:48:03Z
Network: openweb
Published URL: https://breached.st/threads/data-universitas-itb.87388/unread
Screenshots:
None
Threat Actors: CatNatXploit
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Institut Teknologi Bandung
Victim Site: itb.ac.id - Sale of Mixed Target Yahoo Combolist with 880,552 Lines
Category: Combo List
Content: A combo list of 880,552 email:password lines targeting Yahoo accounts has been shared on a cracking forum. The list is described as mixed target and is likely intended for credential stuffing against Yahoo services.
Date: 2026-05-19T18:33:05Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-880-552-Lines-%E2%9C%85-Mixed-Target-Yahoo-Combolist
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of alleged private European combo list with 52,312 credentials
Category: Combo List
Content: A forum post on Cracked.st advertises a private European email:password combo list containing 52,312 credentials. The post is categorized as a combolist intended for credential stuffing. No specific victim organization or breach source is identified.
Date: 2026-05-19T18:32:46Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-52-312-Private-FA-Combolist-Europa-Good
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 160K France UHQ combo list
Category: Combo List
Content: A threat actor is distributing a combo list claimed to contain 160,000 French credentials, marketed as ultra-high quality (UHQ). The content is hidden behind a reply or account upgrade requirement on the forum.
Date: 2026-05-19T18:28:41Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76985
Screenshots:
None
Threat Actors: VOLT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Italian combo list with 230K credentials
Category: Combo List
Content: A threat actor is offering a combo list of approximately 230,000 credentials claimed to be high quality and Italian in origin. The content is hidden behind a reply or account upgrade requirement on the forum. No specific victim organization is identified.
Date: 2026-05-19T18:27:59Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76986
Screenshots:
None
Threat Actors: VOLT
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Argentinas Mendoza Judiciary (mev.jus.mendoza.gov.ar)
Category: Data Breach
Content: A threat actor is offering for sale an alleged database originating from the Mendoza provincial judiciary portal in Argentina, containing approximately 756,000 records. The dataset is structured across three sections covering personal contact details (including national IDs, birth dates, addresses, and phone numbers), professional/employment information, and customer interaction logs. The data includes sensitive personally identifiable information such as national identity numbers, email address
Date: 2026-05-19T18:25:27Z
Network: openweb
Published URL: https://breached.st/threads/756k-argentina-https-mev-jus-mendoza-gov-ar-personal-identities-and-contact-info-database-756k-argentina-https-mev-jus-mendoza-gov-ar-perso.87387/unread
Screenshots:
None
Threat Actors: Databasehooligan
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Poder Judicial de Mendoza
Victim Site: mev.jus.mendoza.gov.ar - Sale of HQ combo list mix (7,927 credentials)
Category: Combo List
Content: A threat actor is distributing a combo list of 7,927 mixed credentials marketed as high quality. The post advertises daily supply of 4,000–12,000 fresh credentials available to private members. Content is hidden behind registration or login.
Date: 2026-05-19T18:22:01Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-7927x-hq-mix-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - ✨🔥885 HOTMAIL VALID ACCESS |19.05.2026|
Category: Alert
Content: New thread posted by SupportHotmail: ✨🔥885 HOTMAIL VALID ACCESS |19.05.2026|
Date: 2026-05-19T18:21:46Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%94%A5885-hotmail-valid-access-19-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: 12K fresh mixed mail access credentials
Category: Combo List
Content: A forum post advertises a combo list of 12,000 mixed email access credentials marketed as fresh. The post was shared on a public cracking forum with no additional details provided.
Date: 2026-05-19T18:13:31Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-12K-FRESH-MAIL-ACCESS-MIX
Screenshots:
None
Threat Actors: FetahosKR5
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: Hotmail mail access credentials (x300)
Category: Combo List
Content: A forum user is distributing a combo list containing 300 Hotmail mail access credentials. The post is gated behind a reply requirement and directs users to the authors profile for additional posts of a similar nature.
Date: 2026-05-19T18:11:10Z
Network: openweb
Published URL: https://altenens.is/threads/starx300-hotmail-mail-access-star.2942802/unread
Screenshots:
None
Threat Actors: GhostlyGamer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed mail access combo list with 16K credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 16,000 mixed email access credentials on a criminal forum. The content is hidden behind a registration/login wall. No specific victim organization is identified.
Date: 2026-05-19T18:10:29Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-16K-MIXED-MAIL-ACCESS-GOODS
Screenshots:
None
Threat Actors: StrawHatBase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of OGEBC (Office de Gestion et dExploitation des Biens Culturels), Algeria
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from ogebc.com, the Algerian national cultural asset management authority. The dataset reportedly contains approximately 425,000 records spanning three sections: customer contact and account information, order history, and support tickets, including fields such as full names, email addresses, phone numbers, postal addresses, payment details, and support interaction records. The seller is asking $900 for the full dataset and has provided sa
Date: 2026-05-19T18:06:24Z
Network: openweb
Published URL: https://breached.st/threads/425k-algeria-www-ogebc-com-national-cultural-asset-management-and-protected-property-records-dataset.87384/unread
Screenshots:
None
Threat Actors: Databasehooligan
Victim Country: Algeria
Victim Industry: Government
Victim Organization: OGEBC (Office de Gestion et dExploitation des Biens Culturels)
Victim Site: ogebc.com - Alleged data breach of Rucabaruk Boxer
Category: Data Breach
Content: A threat actor is selling an alleged database dump from rucabarukboxer.com.ar, an Argentine dog breeder/boxer organization. The dataset reportedly contains approximately 624,000 records across three tables — Contacts, DogProfiles, and ServiceBookings — including personal identifiers such as national ID numbers, emails, phone numbers, addresses, and service booking details. The data is priced at $1,200 and is being offered via Telegram.
Date: 2026-05-19T18:05:51Z
Network: openweb
Published URL: https://breached.st/threads/624k-argentina-https-www-rucabarukboxer-com-ar-personal-and-contact-data-records-including-emails-and-phone-numbers.87385/unread
Screenshots:
None
Threat Actors: Databasehooligan
Victim Country: Argentina
Victim Industry: Retail
Victim Organization: Rucabaruk Boxer
Victim Site: rucabarukboxer.com.ar - Sale of HQ Hotmail combo list
Category: Combo List
Content: A threat actor is offering Hotmail credential hits, with free drops advertised on an external platform and private cloud access available for purchase via Telegram. The post contains hidden content requiring registration to view full details.
Date: 2026-05-19T17:51:50Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9C%85-hq-hotmail-hit-%E2%9C%85-304108
Screenshots:
None
Threat Actors: aurexopforu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of HQ mix combo list with 3,575 credentials
Category: Combo List
Content: A threat actor is distributing a combo list marketed as HQ Mix containing 3,575 credential pairs. The post advertises daily supply of 4,000–12,000 fresh credentials and claims optimized performance for credential stuffing. Content is gated behind forum registration or login.
Date: 2026-05-19T17:51:35Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-3575x-hq-mix-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 190K UHQ mixed mail combo list
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 190,000 mixed email credentials, marketed as UHQ and fresh. The post is sponsored by vows.solutions and was shared on a public cracking forum.
Date: 2026-05-19T17:51:27Z
Network: openweb
Published URL: https://cracked.st/Thread-190K-UHQ-MIXED-MAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Hotmail combo list with 377 credentials marketed as fresh
Category: Combo List
Content: A forum user shared a combo list of 377 Hotmail credentials marketed as fresh access dated 19.05. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-19T17:51:14Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-377x-hotmail-fresh-access-top-quality-19-05
Screenshots:
None
Threat Actors: CitronCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Gmail combo list with 705K credentials
Category: Combo List
Content: A threat actor is sharing a combo list marketed as 705K UHQ Gmail credentials described as fresh. The post is sponsored by vows.solutions. Gmail is a credential-stuffing target, not the breach victim.
Date: 2026-05-19T17:51:08Z
Network: openweb
Published URL: https://cracked.st/Thread-705K-UHQ-GMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Outlook combo list with 35,000 credentials
Category: Combo List
Content: A threat actor is offering a combo list of 35,000 Outlook credentials, marketed as high quality and fresh. The list is shared on a cracking forum and appears to be intended for credential stuffing. The post is sponsored by vows.solutions.
Date: 2026-05-19T17:50:48Z
Network: openweb
Published URL: https://cracked.st/Thread-35K-UHQ-OUTLOOK-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 15,124 Email:Password Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 15,124 email:password credentials marketed as private, full-access, and fresh. The post is categorized under combolists on a known cybercrime forum. No specific victim organization or targeted service is identified.
Date: 2026-05-19T17:50:30Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-15-124-Private-FA-Good-Line-Fresh
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Hotmail combo list containing 100K credentials
Category: Combo List
Content: A threat actor is offering a combo list of 100,000 Hotmail credentials, marketed as UHQ and fresh. The post is sponsored by vows.solutions and was shared on a public cracking forum.
Date: 2026-05-19T17:50:12Z
Network: openweb
Published URL: https://cracked.st/Thread-100K-UHQ-HOTMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor shared a combo list of 210 Hotmail email:password credentials marketed as fresh and high quality via an external paste link.
Date: 2026-05-19T17:49:44Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-x210-HOTMAIL-HITS-FRESH-UHQ
Screenshots:
None
Threat Actors: Snowki032312
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of combo list marketed for Minecraft and Roblox credential stuffing
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 762,000 credentials, marketed as suitable for use against Minecraft, Roblox, and other targets. The list is described as sourced from a private base. Content is gated behind forum registration or login.
Date: 2026-05-19T17:49:34Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1762K-MINECRAFT-ROBLOX%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANY-TARGET%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list
Category: Combo List
Content: A forum user is offering a combo list of approximately 6,000 Hotmail credentials described as high-quality hits. The list appears to contain email and password pairs intended for credential stuffing. No additional details are available from the post content.
Date: 2026-05-19T17:49:20Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-6K-HQ-HOTMAIL-HITS
Screenshots:
None
Threat Actors: combosell1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list of 18,000 mixed mail access credentials
Category: Combo List
Content: A threat actor has freely distributed a combo list containing approximately 18,000 mixed email access credentials, marketed as fresh. The post encourages community engagement and references a Telegram channel named Ghost Cloud.
Date: 2026-05-19T17:48:53Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-FRESH-18k-MIX-MAIL-ACCESS-HQ-PRIVATE-LIST-DAILY-DROP-GHOST-CLOUD
Screenshots:
None
Threat Actors: Luxe90
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged combo list of 40,313 private email credentials with full access
Category: Combo List
Content: A threat actor is distributing a combo list of 40,313 email credentials advertised as private full-access mail combinations. The post is categorized as a combolist based on thread title metadata; no additional details are available from the post content.
Date: 2026-05-19T17:48:34Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-40-313-Private-FA-Mail-Access-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Recruitment post for paid online tasks targeting US, CA, UK, and Australian users
Category: Chatter
Content: A forum user posted a job recruitment offer on Dread seeking individuals from the United States, Canada, United Kingdom, and Australia for four unspecified online tasks, offering $190 for 40-50 minutes of work. The post claims the work is legal and requests direct messages without PGP. No specific threat activity or victim organization is identified.
Date: 2026-05-19T17:48:23Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/4f3d21061ae803fca2bb
Screenshots:
None
Threat Actors: moneyspro9 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: Free Hotmail/Outlook mail access credentials
Category: Combo List
Content: A threat actor on a cracking forum is freely distributing a combo list of approximately 1,100 Hotmail/Outlook credentials. The post markets the list as fresh with a high hit rate and directs users to a Telegram channel for additional content.
Date: 2026-05-19T17:48:15Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-FRESH-1-1k-HOTMAIL-MAIL-ACCESS-100-PRIVATE-HIGH-HIT-RATE-GHOST-CLOUD
Screenshots:
None
Threat Actors: Luxe90
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of GoliathCoreAI Futures/Spot Trading Platform Source Code
Category: Services
Content: A threat actor is offering the source code of a proprietary futures and spot trading platform called GoliathCoreAI for sale. The offering includes a trading robot cockpit, admin panel, and various customizable management features. Interested buyers are directed to contact the seller via Telegram or Discord.
Date: 2026-05-19T17:47:46Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90-%E2%AD%90-GoliathCoreAI-Futures-Spot-Trading-platform-SOURCE-CODE-%E2%AD%90%E2%AD%90-%E2%AD%90
Screenshots:
None
Threat Actors: TGM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: goliathcore.vercel.app - Sale of rewards and gift card fraud services targeting multiple retail programs
Category: Carding
Content: A threat actor is advertising fraud services targeting multiple retail rewards and gift card programs including Sams Cash, Canadian Tire, Ulta, and Bloomingdales, claiming potential earnings of $10,000 or more. The post references an external platform (darkmoon.to), likely hosting the full offering or tutorial.
Date: 2026-05-19T17:47:27Z
Network: openweb
Published URL: https://cracked.st/Thread-REWARDS-GIFTCARDS-SAMSCASH-CANADIAN-TIRE-ULTA-BLOOMINGDALES-MAKE-10000
Screenshots:
None
Threat Actors: Kyzen0
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown - Cybersecurity and sysadmin services offered for cryptocurrency payment
Category: Chatter
Content: A forum user is advertising sysadmin and cybersecurity services on a darknet forum, accepting BTC and XMR. Offered services include UNIX application deployment, hidden service backend management, and VPS hardening. The poster claims over four years of darknet experience and accepts FairTrade Escrow.
Date: 2026-05-19T17:47:07Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/4d01978bfeb3b313bd8a
Screenshots:
None
Threat Actors: SetsUnder 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Job posting seeking coder for Telegram mini-app development
Category: Chatter
Content: A forum user is seeking an experienced developer to build a Telegram mini-app, offering up to $1,000 in BTC via escrow. The post contains no threat-related content and appears to be a general job solicitation on a dark web forum.
Date: 2026-05-19T17:45:44Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/6572558dfbe72cfd2856
Screenshots:
None
Threat Actors: misterbanana 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of custom dark web tool development and operational services including phishing, malware, ransomware, and C2 infrastructure
Category: Chatter
Content: A threat actor on Dread is advertising custom development and operational services for underground clients, including phishing kit generators, infostealer builders, ransomware payload builders with RaaS affiliate panels, C2 frameworks, and credential stuffing engines. Services are offered for payment in XMR or BTC, with the actor claiming all tools are built from scratch. The actor also claims to provide operational execution including phishing campaigns, C2 management, and ransomware coordinati
Date: 2026-05-19T17:44:25Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/fde4df9a7a164679dab3
Screenshots:
None
Threat Actors: Agaptus 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - SMS sender service job listing on darknet forum
Category: Chatter
Content: A forum post on Dreads Jobs4Crypto board advertises a part-time job for an SMS sender. No further content is available to determine the scope or target of the activity.
Date: 2026-05-19T17:43:13Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/c159b3d1b63b2eacbbc9
Screenshots:
None
Threat Actors: crazycrazy 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Forum user offering sales closing and client follow-up services
Category: Chatter
Content: A forum user on Dread is advertising themselves as available for sales closing, client follow-ups, and lead conversion work across digital services, SaaS, and agency offers. The post solicits direct messages from potential buyers. No threat activity or specific victim is referenced.
Date: 2026-05-19T17:38:30Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/9fda4710e1c2134b2b42
Screenshots:
None
Threat Actors: tuminis 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged distribution of Admin Finder v2.5 – Automated Admin Panel Scanner Tool
Category: Malware
Content: User shared Admin Finder v2.5, an automated scanner tool designed to detect and locate admin panels and login pages on target websites. The tool implements fuzzing techniques against common admin paths, includes anti-detection mechanisms (1-second delays, 10-second Cloudflare recovery delays), uses CloudScraper to bypass Cloudflare protection, and automatically saves discovered admin panels to admin_found.txt. Tool processes 1000+ admin paths systematically via command-line interface.
Date: 2026-05-19T17:37:57Z
Network: telegram
Published URL: https://t.me/forum_mexazo_officials/5
Screenshots:
None
Threat Actors: MexazoOfficials
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of access to private cloud database with stolen Hotmail credentials and company datasets
Category: Initial Access
Content: User Yhōu is offering for sale access to a private cloud database containing premium Hotmail credentials and geo-specific data sets from multiple companies including Walmart, eBay, Kleinanzeigen, Uber, and Poshmark. Available regions include FR, IT, BR, UK, US, JP, PL, RU, ES, MX, CA, SP, SG and others. This represents unauthorized access to compromised data from multiple commercial platforms.
Date: 2026-05-19T17:35:18Z
Network: telegram
Published URL: https://t.me/c/2613583520/85067
Screenshots:
None
Threat Actors: Yhōu
Victim Country: Unknown
Victim Industry: E-commerce, Ride-sharing, Marketplace
Victim Organization: Walmart, eBay, Uber, Poshmark, Kleinanzeigen
Victim Site: Unknown - Alleged sale of Hotmail credentials and geo-specific combolists from private cloud database
Category: Combo List
Content: Seller offering access to private cloud database containing high-quality Hotmail credentials and country-specific datasets. Available regions include FR, IT, BR, UK, US, JP, PL, RU, ES, MX, CA, SP, SG and others. Seller claims to have access to premium Hotmail data and associated platform credentials (Walmart, eBay, Kleinanzeigen, Uber, Poshmark). Serious buyers only, seller offers keyword verification.
Date: 2026-05-19T17:33:18Z
Network: telegram
Published URL: https://t.me/c/2613583520/85059
Screenshots:
None
Threat Actors: Wěilóng
Victim Country: Multiple (FR, IT, BR, UK, US, JP, PL, RU, ES, MX, CA, SP, SG)
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: hotmail.com, walmart.com, ebay.com, kleinanzeigen.de, uber.com, poshmark.com - Purchase request for NuBank debit card photos
Category: Chatter
Content: A forum user is soliciting front and back photographs of a NuBank debit card showing visible card numbers and cardholder name, offering $40 via escrow. The request specifies unedited, high-quality photos, likely intended for card fraud or cloning purposes.
Date: 2026-05-19T17:23:58Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/fee10ae8a8e6bfd80f3a
Screenshots:
None
Threat Actors: notanoob 🍼
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: NuBank
Victim Site: nubank.com.br - Sale of discounted OpenAI API access via reseller service
Category: Chatter
Content: A forum user is advertising anonkey.st, a service claiming to resell OpenAI API keys at 80% below standard pricing, compatible with tools such as Cursor, Codex, and OpenCode. The service accepts cryptocurrency, requires no registration, and explicitly markets itself to users conducting illegal activities and automated non-human agents. Bulk pricing and specialized offline model requests are also offered via direct message.
Date: 2026-05-19T17:22:48Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/5b7556c73256bc58c318
Screenshots:
None
Threat Actors: silencedsignal1x 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: anonkey.st - Recruitment for crypto drainer malware distribution campaign
Category: Chatter
Content: A threat actor is recruiting social engineers to distribute a self-described crypto drainer malware targeting high-net-worth cryptocurrency holders. The actor claims the malware leverages an unpatched exploit not yet flagged by security tools, and is offering a 50% revenue share per successful theft. The post also references website spoofing, smart contract manipulation, and money laundering capabilities.
Date: 2026-05-19T17:19:12Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/a20771e2631f1ba618ae
Screenshots:
None
Threat Actors: GoKart 🍼
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Job posting for social engineering and ewhoring services on Dread
Category: Chatter
Content: A forum user on Dreads /d/Jobs4Crypto board posted a job listing seeking individuals with catfishing and ewhoring experience. No additional content was available in the post. The nature of the requested work suggests intent to conduct online social engineering or fraud-related activities.
Date: 2026-05-19T17:17:50Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/2288dab6f4358f37588f
Screenshots:
None
Threat Actors: CocaColaNorth 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of alleged initial access to ThreatDown
Category: Initial Access
Content: A threat actor is advertising the sale of alleged full access to ThreatDown on a cybercrime forum. No further details are available as the post contains no content beyond the thread title.
Date: 2026-05-19T17:16:45Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-New-ThreatDown-acces-full
Screenshots:
None
Threat Actors: plaguelost
Victim Country: Unknown
Victim Industry: Cybersecurity
Victim Organization: ThreatDown
Victim Site: threatdown.com - Combo list of 200K email and password credentials shared freely
Category: Combo List
Content: A threat actor shared a combo list containing approximately 200,000 email and password pairs at no charge via Anonfilesnew. No specific victim organization or service is identified.
Date: 2026-05-19T17:14:25Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-200K-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 63K Hotmail credentials
Category: Combo List
Content: A combo list containing approximately 63,000 Hotmail email and password pairs was shared on BreachForums. The post is categorized under combolists and no additional details are available from the post content.
Date: 2026-05-19T17:12:49Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-63K-Hotmail-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of private Germany-targeted combo list and credential services
Category: Combo List
Content: A threat actor operating as Antalya Private Cloud is advertising a private combo list service featuring approximately 66,000 Germany-targeted credentials, UHQ Hotmail combos, mixed combo lists, and premium logs. The offering includes geo-targeted credential lists and mail checkers marketed as high-quality and fresh. Access is sold via a Telegram contact with a free trial sample provided.
Date: 2026-05-19T17:12:41Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-66k-private-germany-%F0%9F%87%A9%F0%9F%87%AA-access-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Multi-region combo list mix distributed on cybercrime forum
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 789,000 credential pairs sourced from multiple regions including the EU, USA, UK, Poland, Germany, and Canada. The post markets the list as a private base suitable for use against any target. The actor also advertises an ongoing combo cloud service.
Date: 2026-05-19T17:12:11Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1789k-eu-usa-uk-pl-de-canada-comcast-mix%E2%9A%A1private-base-good-on-any-target%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail combo list by s2lender
Category: Combo List
Content: A threat actor operating as s2lender is distributing a combo list of approximately 174 high-quality Hotmail credentials on a cybercrime forum. The post advertises daily supply of 4,000–12,000 fresh credentials marketed as optimized for credential stuffing. Access to the full content requires forum registration or login.
Date: 2026-05-19T17:11:51Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-174x-hq-hotmail-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free sharing of trading course materials on cracking forum
Category: Alert
Content: A forum user shared download links for a trading course covering Forex, cryptocurrencies, stocks, and indices. The post appears to be an unauthorized distribution of commercial educational content. No specific victim organization or threat actor activity is identified.
Date: 2026-05-19T17:11:38Z
Network: openweb
Published URL: https://nulledbb.com/thread-Simple-Trading-Book-v1-and-V2
Screenshots:
None
Threat Actors: ZamanX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Forum inquiry about receiving digital goods from darknet markets
Category: Chatter
Content: A forum user posted a general question on Dread asking how digital products are typically delivered by darknet market vendors. The post contains no threat content, no specific victims, and no actionable intelligence.
Date: 2026-05-19T17:11:33Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/40a53f699505f83da633
Screenshots:
None
Threat Actors: rommie11 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 80K email and password credentials shared freely
Category: Combo List
Content: A threat actor shared a combo list containing approximately 80,000 email and password pairs at no charge via Anonfilesnew. No specific victim organization or targeted service is identified in the post.
Date: 2026-05-19T17:11:26Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-80K-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting Hotmail with 10.6K credentials
Category: Combo List
Content: A combo list containing approximately 10,600 email and password pairs targeting Hotmail accounts was shared on BreachForums. No additional details are available as the post content is absent.
Date: 2026-05-19T17:11:03Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-10-6K-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of fresh mix combo list with 83,272 lines
Category: Combo List
Content: A threat actor shared a combo list containing 83,272 email:password lines, marketed as fresh. The content is hidden behind a registration/login wall and promoted via a Telegram channel.
Date: 2026-05-19T17:10:43Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-83-272-Lines-Fresh-Mix-Combolist
Screenshots:
None
Threat Actors: stormtrooper
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of Nighthawk C2 (Janus 0.4) malware with lifetime license
Category: Malware
Content: Threat actor advertising limited-time sale of Nighthawk C2 malware tool version Janus 0.4 with lifetime license. Original price listed as $10,000, market price $7,500, currently offered at $5,000 with discount code Qr_708. Purchase instructions provided via Telegram bot @DBMSLivebot.
Date: 2026-05-19T17:08:28Z
Network: telegram
Published URL: https://t.me/APTIRAN_OFFICIAL/145
Screenshots:
None
Threat Actors: APT IRAN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of Nighthawk C2 Janus 0.4 malware tool
Category: Malware
Content: Threat actor advertising the sale of Nighthawk C2 Janus 0.4, a command and control malware tool, with a lifetime license offered at $5,000 USD (reduced from $7,500).
Date: 2026-05-19T17:07:25Z
Network: telegram
Published URL: https://t.me/c/3881618514/104
Screenshots:
None
Threat Actors: Unknown
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free Hotmail combo list of 3,780 credentials
Category: Combo List
Content: A forum user shared a combo list of 3,780 Hotmail credentials, marketed as fresh. The content is gated behind registration or login on the forum.
Date: 2026-05-19T17:05:50Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-3780x-FRESH-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Nulled07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Hotmail combo list of 784K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 784,000 Hotmail credentials, marketed as high quality, dehashed, fresh, and unique. The list is intended for credential stuffing against Hotmail/Outlook accounts. No specific breached organization is identified.
Date: 2026-05-19T17:05:30Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E3%80%8C-784K-%E3%80%8D%E2%9A%A1HOTMAIL%E2%9A%A1HIGH-QUALITY-PRIVATE-COMBO%E2%9A%A1DEHASHED-LINES%E2%9A%A1FRESH-AND-UNIQUE%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mail access combo list with 15,000 credentials
Category: Logs
Content: A forum user is sharing a combo list advertised as containing 15,000 mail access credentials. The content is hidden behind a registration wall. No specific victim organization or breach source is identified.
Date: 2026-05-19T17:03:45Z
Network: openweb
Published URL: https://xforums.st/threads/15k-good-mail-access-combolist.615506/
Screenshots:
None
Threat Actors: VegaMoon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 15,000 mail access combo list
Category: Combo List
Content: A forum member is sharing a combo list advertised as containing 15,000 email and password credential pairs marketed as valid mail access. No additional details about the source or targeted service are available.
Date: 2026-05-19T17:03:40Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-15k-Good-Mail-Access-Combolist
Screenshots:
None
Threat Actors: vmmoons
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Yahoo combo list with 45,000 credentials
Category: Combo List
Content: A threat actor is distributing a combo list marketed as 45,000 UHQ Yahoo credentials described as fresh. The post is sponsored by an AIO tool service. Yahoo is the credential-stuffing target, not the breach source.
Date: 2026-05-19T17:03:24Z
Network: openweb
Published URL: https://cracked.st/Thread-45K-UHQ-YAHOO-COMBO-FRESH–2096366
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 181K mixed email credentials
Category: Combo List
Content: A user on Cracked.st is sharing a combo list of 181,000 mixed email credentials marketed as fresh UHQ (ultra-high quality). The post is sponsored by slateaio.com, suggesting the list may be intended for credential stuffing use.
Date: 2026-05-19T17:02:47Z
Network: openweb
Published URL: https://cracked.st/Thread-181K-UHQ-MIXED-MAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mixed mail access combo list shared for free
Category: Combo List
Content: A threat actor is distributing mixed mail access credential hits via a Telegram channel. Private cloud access with additional credentials is offered for purchase via a separate contact. No specific victim organization or record count is disclosed.
Date: 2026-05-19T17:02:16Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%85-HQ-MIX-MAIL-ACCESS-HIT-%E2%9C%85
Screenshots:
None
Threat Actors: lundman01
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail combo list with 95K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 95,000 Hotmail credentials, marketed as high quality and fresh. The post is sponsored by vows.solutions and shared on a public cracking forum.
Date: 2026-05-19T17:01:44Z
Network: openweb
Published URL: https://cracked.st/Thread-95K-UHQ-HOTMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Outlook combo list with 36K credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 36,000 Outlook credentials, marketed as UHQ and fresh. The post is sponsored by vows.solutions and was shared on a public cracking forum.
Date: 2026-05-19T17:01:11Z
Network: openweb
Published URL: https://cracked.st/Thread-36K-UHQ-OUTLOOK-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Gmail combo list with 734K credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing 734,000 Gmail credentials, marketed as UHQ (ultra-high quality) and fresh. The post is sponsored by a credential-stuffing tool service. Gmail is the targeted service for credential stuffing, not the breach source.
Date: 2026-05-19T17:00:32Z
Network: openweb
Published URL: https://cracked.st/Thread-734K-UHQ-GMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed mail credential combo list
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 3,908 mixed email credentials, including Hotmail accounts, marketed as premium valid hits. The post promotes private cloud access and directs users to a Telegram contact.
Date: 2026-05-19T17:00:14Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-3908x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Alphaaaxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Refunding business setup service offered on cracking forum
Category: Services
Content: A forum seller operating as Paxerr is advertising a service to set up refunding businesses for buyers, offering 100% refund guarantees and unlimited revisions with 24/7 support. The post includes a terms of service outlining payment, delivery, and refund conditions. Refunding services are commonly associated with retail fraud schemes that exploit merchant return policies.
Date: 2026-05-19T16:59:26Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1LAUNCH-YOUR-REFUNDING-BUSINESS-%E2%80%A2-100-REFUND-%E2%80%A2-UNLIMITED-REVISIONS-%E2%80%A2-24-7-SUPPORT%E2%9A%A1
Screenshots:
None
Threat Actors: BossOfBosses
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged defacement of juai.chat by C10F./X404
Category: Defacement
Content: Defacement claim attributed to C10F./X404, identified as part of a defacer Indonesian team. Target website: https://juai.chat/
Date: 2026-05-19T16:58:25Z
Network: telegram
Published URL: https://t.me/c/3755871403/540
Screenshots:
None
Threat Actors: C10F./X404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: juai.chat
Victim Site: juai.chat - Website Defacement of CyberNex Product by overthrash1337 (Team Hazardous Pk)
Category: Defacement
Content: On May 19, 2026, the website cybernexproduct.com was defaced by threat actor overthrash1337, operating under the group Team Hazardous Pk. The defacement targeted a specific page rather than the homepage and was a standalone, non-mass defacement incident. The attack was archived and mirrored via zone-xsec.com.
Date: 2026-05-19T16:40:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925110
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pk
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: CyberNex Product
Victim Site: www.cybernexproduct.com - Website Defacement of Vista Marine by overthrash1337 (Team Hazardous Pk)
Category: Defacement
Content: On May 19, 2026, a threat actor known as overthrash1337, affiliated with Team Hazardous Pk, defaced the website of Vista Marine, an Indian maritime services company. The defacement targeted a subdirectory of the site rather than the home page. The attack is attributed to a Pakistani hacktivist group known for web defacement campaigns.
Date: 2026-05-19T16:38:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925111
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pk
Victim Country: India
Victim Industry: Maritime / Marine Services
Victim Organization: Vista Marine
Victim Site: vistamarine.co.in - Sale of fresh email combo list targeting USA and EU regions
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 50,000 email credentials purportedly sourced from USA and EU regions. The content is gated behind registration or login on the forum. No specific victim organization or breach source is identified.
Date: 2026-05-19T16:23:59Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9D%84%EF%B8%8F-fresh-mail-%E2%80%94-usa-eu-%E2%80%94-50k%E2%9D%84%EF%B8%8F-304081
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Gmail and mixed credential combo list
Category: Combo List
Content: A forum member is offering a combo list described as Private Lines containing Gmail and mixed credentials. The content is hidden behind a registration or login requirement, limiting visibility into record count or specific details.
Date: 2026-05-19T16:23:30Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%94%EF%B8%8F-private-lines-%E2%80%94-gmail-mix-%E2%9A%94%EF%B8%8F-304084
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of URL:Log:Pass combo list — 8+ million lines
Category: Combo List
Content: A threat actor is freely distributing a URL:Log:Pass combo list containing over 8 million lines on a cybercrime forum. The content is gated behind registration or login. No specific victim organization is identified.
Date: 2026-05-19T16:23:13Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-354
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of URL:Log:Pass combo list with 8+ million lines
Category: Combo List
Content: A threat actor is freely distributing a URL:Log:Pass combo list advertised as containing over 8 million lines. The content is gated behind registration or login on the forum. No specific victim organization or breach source is identified.
Date: 2026-05-19T16:22:54Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-353
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of Hotmail Credentials (x3000)
Category: Combo List
Content: A forum user shared a combo list of approximately 3,000 Hotmail credentials as hidden content requiring registration or login to access. The post is categorized as a credential combo list and does not indicate a breach of Hotmail or Microsoft infrastructure.
Date: 2026-05-19T16:22:25Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%94%A5%F0%9F%94%A5%F0%9F%94%A5-hotmail-%E2%80%A2-private-x3000-%F0%9F%94%A5%F0%9F%94%A5%F0%9F%94%A5-304080
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Yahoo-targeted combo list with 1.9 million lines
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1.9 million email:password pairs advertised as targeting Yahoo accounts. The post is categorized as a social-target combolist, suggesting credentials are intended for credential stuffing against Yahoo services.
Date: 2026-05-19T16:22:20Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-926-386-Lines-%E2%9C%85-Social-Target-Combolist-Yahoo
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of mixed email credentials (12K)
Category: Combo List
Content: A combo list of approximately 12,000 mixed email and password credentials has been shared on a cracking forum. The post advertises the list as mixed mail access, suggesting credentials span multiple email providers.
Date: 2026-05-19T16:22:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-12K-MIXED-MAIL-ACCESS
Screenshots:
None
Threat Actors: Cloudredhat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of CrunchyRoll combo list with 100K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 100,000 credentials marketed for use against CrunchyRoll, described as freshly checked and AntiPublic checked. CrunchyRoll is the credential-stuffing target, not the breach source. The post is sponsored by RogenCloud.
Date: 2026-05-19T16:21:40Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8-100K-CrunchyRollCombolist-1-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
Screenshots:
None
Threat Actors: RogenPlay
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free release of URL:Log:Pass combo list with 7.48 million lines
Category: Combo List
Content: A forum user has shared a URL:Log:Pass combo list containing approximately 7.48 million lines as hidden content. The post is accessible to registered forum members only. No specific victim organization or breach source is identified.
Date: 2026-05-19T16:21:29Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-The-best-Url-Log-Pass-7-480-179-M%C4%B1ll%C4%B1on-L%C4%B1nes
Screenshots:
None
Threat Actors: Max095
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail combo list with 853 valid credentials
Category: Combo List
Content: A forum user shared a combo list of 853 Hotmail credentials marketed as valid. The post was made on a public cracking forum under the combolists section.
Date: 2026-05-19T16:21:20Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-X853-HOTMAILS-VALID
Screenshots:
None
Threat Actors: Cloudredhat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Netflix combo list with 700K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 700,000 credentials marketed for use against Netflix, described as freshly checked and AntiPublic verified. The post is sponsored by RogenCloud and includes a download link.
Date: 2026-05-19T16:20:59Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8-700K-Netflix-Combolist-1-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
Screenshots:
None
Threat Actors: RogenPlay
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 52,184 private full-access mail combo list
Category: Combo List
Content: A combo list containing 52,184 email and password pairs marketed as private full-access mail credentials was shared on a cracking forum. No further details are available from the post content.
Date: 2026-05-19T16:20:39Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-52-184-Private-FA-Mail-Access-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Spotify combo list with 290K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 290,000 credentials marketed as freshly checked and AntiPublic-verified, intended for credential stuffing against Spotify. The post is sponsored by RogenCloud and includes a download link.
Date: 2026-05-19T16:20:18Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8-290K-Spotify-Combolist-1-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
Screenshots:
None
Threat Actors: RogenPlay
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of mixed email credentials (418 records)
Category: Combo List
Content: A combo list of approximately 418 mixed email and password combinations has been shared on a cracking forum. No specific victim organization or breach source is identified. The credentials appear to be a mixed-source collection.
Date: 2026-05-19T16:19:45Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-418X-MIX-MAILS
Screenshots:
None
Threat Actors: Cloudredhat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of TikTok combo list with 100K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 100,000 credentials marketed for use against TikTok, advertised as freshly checked and AntiPublic verified. The post is sponsored by RogenCloud and includes a download link. TikTok is the credential-stuffing target, not the breach source.
Date: 2026-05-19T16:19:23Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8-100K-TikTok-Combolist-1-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
Screenshots:
None
Threat Actors: RogenPlay
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of discounted Microsoft SC-100 exam vouchers on cybercrime forum
Category: Services
Content: A forum seller is offering Microsoft SC-100 (Cybersecurity Architect) exam vouchers at $60, significantly below the retail price of $165. The post advertises globally valid vouchers via direct message. The legitimacy of these vouchers is unverified and they may be fraudulently obtained or counterfeit.
Date: 2026-05-19T16:18:35Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9C%A8%E2%9C%A8%E2%9C%A8Microsoft-Certified-Cybersecurity-Architect-%E2%80%93-Exam-Voucher-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ combo list for gaming and shop targets
Category: Combo List
Content: A threat actor is offering UHQ combo lists claimed to be suitable for credential stuffing against gaming and shop targets. The seller advertises a free trial and directs interested buyers to a Telegram contact. No specific victim organization or record count is disclosed.
Date: 2026-05-19T16:18:16Z
Network: openweb
Published URL: https://cracked.st/Thread-COMBO-REAL-UHQ-FOR-ANY-TARGET-GAME-SHOP-WITH-TEST-FREE
Screenshots:
None
Threat Actors: Cloudredhat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of discounted Apify web scraping subscription
Category: Services
Content: A forum user is selling discounted Apify web scraping and automation subscriptions for $20, offering 4 months of access with $600 in platform credits. The service includes access to 1,500+ pre-built scrapers covering platforms such as Google, Amazon, and LinkedIn. Buyers are instructed to DM the seller to receive access.
Date: 2026-05-19T16:17:58Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-Apify-%E2%80%93-Web-Scraping-Automation-4-Months-%E2%9A%A1%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 12K email access combo list
Category: Combo List
Content: A threat actor is distributing a combo list of 12,000 claimed valid email credentials marketed as top quality. The content is gated behind a reply requirement on the forum.
Date: 2026-05-19T16:16:11Z
Network: openweb
Published URL: https://altenens.is/threads/12k-full-valid-mail-access-mix-top-quality-19-05.2942746/unread
Screenshots:
None
Threat Actors: Megacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting gaming platforms (Fortnite, Minecraft, Valorant, Steam, Rockstar)
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 3,760 Hotmail credentials marketed as fresh and high quality. The post claims the credentials are suitable for use against gaming platforms including Fortnite, Minecraft, Valorant, Steam, and Rockstar. The content is hidden behind registration and the actor advertises via Telegram.
Date: 2026-05-19T16:13:12Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3760x-%E2%AD%90%E2%AD%90-FRESH-HQ-MIX-MAIL-%E2%AD%90%E2%AD%90-FORNITE-MINECRAFT-VALORANT-STEAM-ROCKSTAR-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list with 1,496 hits
Category: Combo List
Content: A threat actor on CrackingX is distributing a combo list of 1,496 alleged valid Hotmail credentials, marketed as premium hits. The post includes a download link and directs interested parties to a Telegram contact.
Date: 2026-05-19T16:11:39Z
Network: openweb
Published URL: https://crackingx.com/threads/75789/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Carding discussion involving AUD prepaid gift cards and cryptocurrency conversion
Category: Chatter
Content: A forum user is soliciting advice on how to fraudulently obtain and cash out AUD prepaid Visa/Mastercard gift cards by converting them to cryptocurrency to evade detection. The post describes an anticipated chargeback dispute following purchase and asks for operational security guidance. The user also inquires about laundering proceeds through a crypto.com account and associated Visa card.
Date: 2026-05-19T16:03:01Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/6587ccdfd615abd8b2f3
Screenshots:
None
Threat Actors: budzy653 🍼
Victim Country: Australia
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: card.gift - Alleged scam report against darknet vendor W0rm30 on Dread
Category: Chatter
Content: A Dread forum user alleges that vendor W0rm30 scammed them for $15 in a fullz (personally identifiable information) deal, providing fake documents and stalling for three days. The post includes screenshots as evidence and warns other users against transacting with this vendor. No confirmed data breach or compromise of a third-party organization is involved.
Date: 2026-05-19T16:01:36Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/981c5ac162b0088c3e1f
Screenshots:
None
Threat Actors: born_confused 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Edu combo list with 91,908 credentials
Category: Combo List
Content: A combo list containing 91,908 email and password pairs targeting educational institutions has been shared on a cracking forum. The credentials are marketed as fresh and good quality. No specific victim organization is identified.
Date: 2026-05-19T15:57:44Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-91-908-Good-Edu-Fresh-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Sale of alleged private combo list targeting European accounts
Category: Combo List
Content: A forum user is distributing a combo list advertised as private, containing approximately 40,287 email:password pairs targeting European accounts. The post is categorized as a combo list intended for credential stuffing. No specific victim organization or service is identified.
Date: 2026-05-19T15:57:25Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-40-287-Private-FA-Combolist-Europa-Good
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Hotmail combo list
Category: Combo List
Content: A forum post advertises 150 allegedly high-quality (UHQ) Hotmail email:password credential pairs. The content of the post is unavailable, but the thread title and forum context indicate a combo list offering. These credentials are not attributed to a breach of Microsoft or Hotmail directly.
Date: 2026-05-19T15:57:00Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-150x-uhq-hotmails
Screenshots:
None
Threat Actors: Cloudredhat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of discounted Quizlet Plus subscription access
Category: Services
Content: A forum seller is offering Quizlet Plus one-year subscriptions at $30, significantly below the retail price of $96. The post advertises full platform features and instructs buyers to DM for account access. This likely involves account sharing or resale of compromised/bulk-purchased credentials.
Date: 2026-05-19T15:56:17Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8FQuizlet-Plus-%E2%80%93-Unlimited-Learning-1-Year-%E2%9A%A1%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of discounted CodeRabbit Pro subscriptions on cracking forum
Category: Services
Content: A forum seller is offering CodeRabbit Pro one-year subscriptions at $80, discounted from the stated retail price of $300. The post advertises AI code review features and directs buyers to DM for access. The nature of how these subscriptions are obtained is not disclosed.
Date: 2026-05-19T15:56:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-CodeRabbit-Pro-%E2%80%93-AI-Code-Review-1-Year
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of Hotmail credentials offered for free
Category: Combo List
Content: A threat actor is distributing a Hotmail credential combo list containing approximately 25,000 email and password pairs via a hidden forum post. The actor also advertises a shop offering combo lists for various countries and on request. The named service is a credential-stuffing target, not the breach source.
Date: 2026-05-19T15:54:38Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-5-25000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list sample (700 entries)
Category: Combo List
Content: A forum user shared a sample combo list containing 700 Hotmail credentials. The post includes a download link. These credentials are likely intended for credential stuffing against Hotmail/Outlook accounts.
Date: 2026-05-19T15:53:41Z
Network: openweb
Published URL: https://crackingx.com/threads/75787/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ mixed credential combo list including Hotmail
Category: Combo List
Content: A threat actor is offering a mixed combo list advertised as valid UHQ credentials including Hotmail accounts. The list is distributed via a private cloud link promoted through Telegram. No specific victim organization or record count is disclosed.
Date: 2026-05-19T15:53:23Z
Network: openweb
Published URL: https://crackingx.com/threads/75788/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: 92 HQ Hotmail credentials shared for free
Category: Combo List
Content: A threat actor shared a combo list of 92 alleged high-quality Hotmail credentials via MediaFire. The post advertises the credentials as HQ, suggesting they have been tested or verified.
Date: 2026-05-19T15:53:16Z
Network: openweb
Published URL: https://altenens.is/threads/92-hq-hotmail.2942741/unread
Screenshots:
None
Threat Actors: altitude
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of sman1gondang.com
Category: Data Breach
Content: A threat actor is distributing a SQL database dump purportedly from sman1gondang.com, an Indonesian school website. The 30MB dump contains user records including usernames, bcrypt-hashed passwords, email addresses, IP addresses, and name fields. The data is shared as hidden content requiring forum engagement to access.
Date: 2026-05-19T15:49:49Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Database-Of-The-Site-sman1gondang-com-Indonesia
Screenshots:
None
Threat Actors: DarkMafiaX
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMAN 1 Gondang
Victim Site: sman1gondang.com - Alleged data leak of Calo app supply chain and suppliers database
Category: Data Leak
Content: A threat actor known as hon3ypot claims to have leaked the full supply chain and suppliers database of Calo (calo.app) following failed negotiations. The data has been made available for free download via an external file hosting link. The post suggests a prior extortion attempt was unsuccessful before public disclosure.
Date: 2026-05-19T15:48:58Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-calo-app-supply-chain-suppliers-data
Screenshots:
None
Threat Actors: hon3ypot
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Calo
Victim Site: calo.app - Alleged data leak of calo.app supply chain and suppliers data
Category: Data Leak
Content: A threat actor operating under the handle hon3ypot has leaked what they claim to be the full supply chain and suppliers database of calo.app. The post states the release follows failed negotiations, suggesting a prior extortion attempt. The data is made available as a downloadable archive via an external file-sharing link.
Date: 2026-05-19T15:48:36Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77103
Screenshots:
None
Threat Actors: hon3ypot
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Calo
Victim Site: calo.app - Alleged data leak of PDI Health (pdihealth.com) — 897GB medical records
Category: Data Leak
Content: A threat actor known as MDGhost has leaked approximately 897GB of data allegedly sourced from PDI Health, a U.S.-based mobile diagnostic imaging provider. The exposed data reportedly includes highly sensitive patient fields such as full name, date of birth, SSN, patient number, address, contact details, and email. The organization operates under HIPAA regulations and serves patients across 15 states including residents of long-term care facilities and correctional institutions.
Date: 2026-05-19T15:48:16Z
Network: openweb
Published URL: https://breached.st/threads/897gb-pdihealth-com-pdi-health-preventive-diagnostics.87382/unread
Screenshots:
None
Threat Actors: MDGhost
Victim Country: United States
Victim Industry: Healthcare
Victim Organization: PDI Health (Preventive Diagnostics)
Victim Site: pdihealth.com - Mass Defacement of oguild.com by Threat Actor Zod
Category: Defacement
Content: On May 19, 2026, threat actor Zod conducted a mass defacement attack targeting oguild.com, a domain associated with online gaming or guild communities. The attack was confirmed as part of a mass defacement campaign, with a mirror of the defaced page archived at haxor.id. No specific motivation or technical exploitation details were disclosed.
Date: 2026-05-19T15:31:04Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249400
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Gaming / Online Communities
Victim Organization: OGuild
Victim Site: oguild.com - Carding activity discussion on Dread forum
Category: Chatter
Content: A forum post on Dreads Carders board references multiple countries (US, UK, AU, EU, CA, NZ) in what appears to be fragmented carding-related content. The post is largely incoherent but references spending activity, consistent with carding solicitation. No specific victim, dataset, or actionable details are present.
Date: 2026-05-19T15:28:54Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/f70124179773fd9aa61a
Screenshots:
None
Threat Actors: UV_lightScanPassMONEY_ 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mass defacement of arhat.rewarity.com by threat actor Zod
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the alias Zod conducted a mass defacement campaign targeting arhat.rewarity.com, replacing the content of the page at /zod.html. The incident is classified as a mass defacement, indicating multiple sites were likely targeted in the same operation. A mirror of the defacement was archived via haxor.id.
Date: 2026-05-19T15:28:35Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249399
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Rewarity
Victim Site: arhat.rewarity.com - Alleged combo list of mixed European accounts
Category: Combo List
Content: A combo list of approximately 29,497 email:password credentials described as private Full Access (FA) Europa mix has been shared on a cracking forum. The dataset appears to target mixed European accounts. No additional context or victim organization is specified.
Date: 2026-05-19T15:20:58Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-29-497-Private-FA-Europa-Mix-Combo
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 28,290 Email:Password Credentials
Category: Combo List
Content: A combo list containing 28,290 email and password credential pairs was shared on a cracking forum. The credentials are marketed as private, fresh, and verified (good line). No specific victim organization or service was identified in the post.
Date: 2026-05-19T15:20:41Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-28-290-Private-FA-Good-Line-Fresh
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 770K credentials shared on cracking forum
Category: Combo List
Content: A threat actor known as MetaCloud3 is distributing a combo list of approximately 770,000 email:password credentials on a cracking forum. The list is described as a private base advertised as suitable for use against any target. No specific victim organization is identified.
Date: 2026-05-19T15:20:16Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1770K-FELITFE-BALLBUSTING-CC%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANY-TARGET%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mail access combo list mix shared on cracking forum
Category: Combo List
Content: A threat actor shared a combo list labeled Mail access valid mix #4 on a cracking forum. The post contains no additional details regarding the source, record count, or targeted services.
Date: 2026-05-19T15:19:55Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Mail-access-valid-mix-4
Screenshots:
None
Threat Actors: Spam4LY
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list with 1,855 mixed credentials
Category: Combo List
Content: A threat actor shared a combo list containing 1,855 mixed credentials, marketed as fresh. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-19T15:17:13Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-1855x-FRESH-MIX-%E2%9A%A1%E2%9A%A1–20957
Screenshots:
None
Threat Actors: Nulled07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mix Mail Combo List Free Share
Category: Combo List
Content: A threat actor shared a mixed mail combo list on a leak forum, marketed as private and fresh, and checked by the poster. Content is hidden behind a registration/like wall, limiting visibility into record count or targeted services.
Date: 2026-05-19T15:16:54Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1MIX-MAIL%E2%9A%A1%E2%9A%A1PRIVATE%E2%9A%A1%E2%9A%A1FRESH%E2%9A%A1%E2%9A%A1CHEKED-BY-klyne05-%E2%9A%A1%E2%9A%A1–20958
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Hotmail credential combo list sample shared on forum
Category: Combo List
Content: A forum user shared a sample combo list of 890 Hotmail email and password pairs on a combolist forum. The content is hidden behind registration or login. This is a credential stuffing resource, not a breach of Hotmail or Microsoft.
Date: 2026-05-19T15:15:11Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-890x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1–204761
Screenshots:
None
Threat Actors: HollowKnight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Universität des Saarlandes student database
Category: Data Leak
Content: A threat actor claims to have breached the Universität des Saarlandes and is freely distributing the full student database after failed ransom negotiations. The leaked archive reportedly contains Moodle user records for approximately 42,000 students. The actor threatens further university targets if their demands are not met.
Date: 2026-05-19T15:14:28Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-DE-Universit%C3%A4t-des-Saarlandes-42k-students-breached
Screenshots:
None
Threat Actors: StrikerDE
Victim Country: Germany
Victim Industry: Education
Victim Organization: Universität des Saarlandes
Victim Site: uni-saarland.de - Alleged free data leak with unspecified content
Category: Data Leak
Content: A forum user posted a thread titled FREEBIES MORE FRESH DATA TODAY on a dark web forum, claiming to share free data. The post contains no substantive content beyond a link prompt, with no details about the victim, data type, or record count.
Date: 2026-05-19T15:13:57Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77096
Screenshots:
None
Threat Actors: chechnyafsbc
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of American Income Life Insurance Company
Category: Data Breach
Content: A threat actor is selling an alleged database dump from American Income Life Insurance Company containing approximately 151,000 records. The dataset includes personally identifiable information such as names, phone numbers, emails, dates of birth, insured addresses, policy numbers, annualized premiums, death benefit amounts, and policy status fields. The data structure indicates exposure of sensitive insurance policyholder records.
Date: 2026-05-19T14:59:33Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-American-Income-Life-Insurance-Company-www-ailife-com
Screenshots:
None
Threat Actors: pm_rasel
Victim Country: United States
Victim Industry: Finance
Victim Organization: American Income Life Insurance Company
Victim Site: ailife.com - Sale of initial access to undisclosed Italian manufacturing company via VPN (OpenVPN)
Category: Initial Access
Content: A threat actor is selling VPN (OpenVPN) access with Database Admin (SA) privileges to an undisclosed Italian manufacturing company with an estimated revenue of $5M–$10M and a network of approximately 50 hosts. No AV or EDR was detected on the target. The access is listed at $708 (0.00832608 BTC) and was verified within the last 72 hours.
Date: 2026-05-19T14:56:37Z
Network: openweb
Published URL: https://breachforums.rs/Thread-VPN-VPN-OpenVPN-Manufacturing-Italy-5M-10M-revenue
Screenshots:
None
Threat Actors: CocoMel0n
Victim Country: Italy
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: Unknown - Sale of SSH Root Access to Ukrainian E-Commerce Cosmetics Platform
Category: Initial Access
Content: A threat actor is selling exclusive SSH root access to a Linux server hosting a Ukrainian e-commerce and wholesale cosmetics platform with estimated annual revenue of $100K–$300K. The access is described as persistent and includes live customer databases, order records, and payment gateway integrations. The seller is asking $200 in Monero and requires use of an official forum escrow service.
Date: 2026-05-19T14:56:10Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-SSH-Root-Access-E-Commerce-Cosmetics-Wholesale-Ukraine-100K-Reven
Screenshots:
None
Threat Actors: Obey_Your_Master
Victim Country: Ukraine
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown - Sale of stolen credit cards with CVV and cardholder data across multiple countries
Category: Carding
Content: A threat actor is selling 2,400 stolen credit cards including Mastercard, Visa, and Discover cards with CVV, cardholder name, and expiration date. Cards are attributed to multiple issuing banks including Citibank, Wells Fargo, ANZ Bank, Royal Bank of Canada, Chase, and NatWest, spanning multiple countries. Batches are offered for sale via direct message or an external storefront.
Date: 2026-05-19T14:54:30Z
Network: openweb
Published URL: https://xforums.st/threads/selling-cc-cvv-holder-name-exp.615502/
Screenshots:
None
Threat Actors: HighWayToShell
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Russian and Belarusian industrial B2B marketplace
Category: Data Breach
Content: A threat actor is selling an alleged database dump from an unnamed Russian and Belarusian industrial B2B marketplace, containing approximately 961,264 rows across multiple tables. The dataset reportedly includes customer personal data (names, emails, phone numbers), corporate registry details (INN, KPP, OGRN, bank account data), B2B lead logs, contracts, billing records, and financial transaction histories. The data is claimed to be fresh, with entries dated up to December 2025.
Date: 2026-05-19T14:54:11Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-BY-RU-Industrial-B2B-E-Commerce-Marketplace-DB-Fresh-Dec-2025-960K-Total
Screenshots:
None
Threat Actors: Obey_Your_Master
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown - Sale of FortiSSL IP list with geolocation data
Category: Services
Content: A threat actor is offering a list of 50,000 FortiSSL IP addresses with geolocation data, claimed to be gathered via proprietary mass-scanning infrastructure rather than third-party sources such as Shodan or FOFA. The data is formatted as IP and geo pairs and is gated behind a post-count requirement. This type of data is typically used to identify potentially vulnerable Fortinet SSL VPN endpoints.
Date: 2026-05-19T14:53:36Z
Network: openweb
Published URL: https://tier1.life/thread/247
Screenshots:
None
Threat Actors: AccessTracker
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free South Korea Email Combo List (Batch 49/100)
Category: Combo List
Content: A threat actor is freely distributing a batch of South Korea-focused email credentials, labeled as batch 49 of 100. The content is gated behind forum registration or login. No specific victim organization or record count is disclosed.
Date: 2026-05-19T14:52:09Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-49-100
Screenshots:
None
Threat Actors: emaildbpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list
Category: Combo List
Content: A forum user is sharing 950 Hotmail credential lines described as fresh. The content is hidden behind a registration or login wall. No specific breach victim or organization is identified.
Date: 2026-05-19T14:51:33Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-x950-hotmail-fresh-lines
Screenshots:
None
Threat Actors: RespectSentai
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting Crunchyroll accounts
Category: Combo List
Content: A threat actor shared a combo list of approximately 14,000 credentials marketed as fresh Crunchyroll account hits. The list is being distributed for free via a hidden download link requiring forum registration. This is a credential stuffing list targeting Crunchyroll and does not represent a breach of the platform itself.
Date: 2026-05-19T14:50:53Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-14k-fresh-crunchyroll-combolist
Screenshots:
None
Threat Actors: mrglitchxxxx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list with 812 valid accounts
Category: Combo List
Content: A threat actor shared a combo list containing 812 claimed valid Hotmail credentials, marketed as active access. The post references a Telegram bot and appears to be a free or promotional distribution of the credentials.
Date: 2026-05-19T14:50:18Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%94%A5812-hotmail-valid-access-19-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list with 507 valid accounts
Category: Combo List
Content: A threat actor is distributing a combo list of 507 alleged valid Hotmail credentials, marketed as active access dated May 19, 2026. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-19T14:49:57Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%94%A5507-hotmail-valid-access-19-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Canadian beauty salon business database
Category: Data Leak
Content: A threat actor has freely shared a database claiming to contain 1 million+ records of beauty salon and cosmetics businesses from Canada and international regions. The dataset reportedly includes business names, phone numbers, email addresses, physical addresses, website links, and related metadata. The post markets the data for email marketing, lead generation, and B2B outreach purposes.
Date: 2026-05-19T14:49:45Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Canada-Beauty-Saloon-1M-Database-Free
Screenshots:
None
Threat Actors: Vyntra
Victim Country: Canada
Victim Industry: Health & Beauty
Victim Organization: Unknown
Victim Site: Unknown - Hotmail combo list of 1,464 credentials shared on forum
Category: Combo List
Content: A user shared a combo list of 1,464 Hotmail credentials on a public forum. The content is gated behind registration or login. No breach of a specific organization is claimed.
Date: 2026-05-19T14:49:40Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-x1464-hq-hotmail-%E2%9A%A1%E2%9A%A1-by-stevee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: stevee
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of initial access to undisclosed Brazilian municipal government entity
Category: Initial Access
Content: A threat actor is selling RDWeb access with Server Admin privileges to an undisclosed Brazilian municipal government organization with an estimated revenue of $250M–$500M and a network of approximately 10,000+ hosts. The access is protected by Bitdefender GZ and was verified within the last 48 hours. Payment is requested in Bitcoin.
Date: 2026-05-19T14:49:04Z
Network: openweb
Published URL: https://xforums.st/threads/rdweb-government-municipal-brazil-250m-500m-revenue.615500/
Screenshots:
None
Threat Actors: HighWayToShell
Victim Country: Brazil
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Combo List distributed via Telegram channel
Category: Combo List
Content: A user shared a ULP (URL:Login:Password) combo list dated 19-05-26 via a Telegram channel. No specific victim organization or record count was disclosed.
Date: 2026-05-19T14:48:36Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-ULP-TXT-LOG-19-05-26
Screenshots:
None
Threat Actors: ULPTXT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 236K credentials shared on cracking forum
Category: Combo List
Content: A combo list of approximately 236,000 URL:login:password (ULP) credentials was shared on a cracking forum. The post markets the list as private and UHQ (ultra-high quality). No specific victim organization or targeted service was identified.
Date: 2026-05-19T14:48:16Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-236K-ULP-PRIVATE-UHQ
Screenshots:
None
Threat Actors: Cloudredhat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of RedLine Stealer Logs
Category: Logs
Content: A forum user is offering RedLine stealer logs described as fresh and paid. The post references 2,756 full logs from the RedLine infostealer. No further details are available from the post content.
Date: 2026-05-19T14:47:47Z
Network: openweb
Published URL: https://cracked.st/Thread-REDLINEVIP-FRESH-PAID-STEALER-FULL-LOGS-2756
Screenshots:
None
Threat Actors: FATHER121
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed stealer logs by FATETRAFFIC
Category: Logs
Content: A forum user shared a collection of 4,705 mixed stealer logs attributed to FATETRAFFIC. No additional details about the source, targeted organizations, or geographic distribution were provided in the post.
Date: 2026-05-19T14:47:27Z
Network: openweb
Published URL: https://cracked.st/Thread-FATETRAFFIC-4705-MIX-Logs
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed European combolist with 32,131 credentials
Category: Combo List
Content: A forum member shared a mixed European combo list containing approximately 32,131 email:password credential pairs. The post is categorized as a private full-access combolist, suggesting it may be offered for sale or restricted distribution. No specific victim organization or breach source is identified.
Date: 2026-05-19T14:46:48Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-32-131-Private-FA-Europa-Mixed-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 618K Hotmail/Outlook/MSN/Live credentials shared on cracking forum
Category: Combo List
Content: A threat actor operating under the alias MetaCloud3 has shared a combo list of approximately 618,000 Hotmail, Outlook, MSN, and Live email credentials on a cracking forum. The post markets the list as a private base suitable for credential stuffing against any target.
Date: 2026-05-19T14:46:28Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1618K-HOTMAIL-OUTLOOK-MSN-LIVE%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANY-TARGET%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail combo list with 2,000 credentials
Category: Combo List
Content: A forum post advertises a Hotmail combo list containing approximately 2,000 credentials. No post content was available; details are inferred from the thread title. The named service is a credential-stuffing target, not a breach victim.
Date: 2026-05-19T14:46:16Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-2K-HOTMAIL-ACCESS
Screenshots:
None
Threat Actors: MeiMisakix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 787K mail access combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 787,000 email address and password pairs, marketed as high quality, private, and sourced from dehashed lines. The post advertises the credentials as fresh and unique, suitable for mail access credential stuffing.
Date: 2026-05-19T14:46:07Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-787K-%E3%80%8D%E2%9A%A1MAIL-ACCESS%E2%9A%A1HIGH-QUALITY-PRIVATE-COMBO%E2%9A%A1DEHASHED-LINES%E2%9A%A1FRESH-AND-UNIQUE%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: Private Europe Mix Email/Password Combo (17,214 Records)
Category: Combo List
Content: A combo list containing 17,214 email and password pairs described as a private Europe mix full access (FA) combo was shared on a cracking forum. The dataset appears to be a credential collection sourced from multiple breaches targeting European accounts. No specific victim organization or service is identified.
Date: 2026-05-19T14:45:41Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-17-214-Private-FA-Europa-Mix-Combo
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Forum announcement or meta-post with no content available
Category: Chatter
Content: A post by user HugBunter on the Dread forum contains no available content. No threat indicators or actionable intelligence can be extracted from this post.
Date: 2026-05-19T14:45:21Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/eef5045e643fb743b8f1/?context=df7fec0f2dd4e8e87e#c-df7fec0f2dd4e8e87e
Screenshots:
None
Threat Actors: HugBunter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 236K credentials shared on cracking forum
Category: Combo List
Content: A threat actor shared a combo list advertised as 236K UHQ (ultra-high quality) email:password credentials on a cracking forum. No additional details about the source or targeted services are available from the post content.
Date: 2026-05-19T14:45:12Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-236K-UHQ-ULP-PRIVATE
Screenshots:
None
Threat Actors: Cloudredhat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail combo list with 707 credentials
Category: Combo List
Content: A forum user shared a combo list of 707 Hotmail credentials, marketed as Hydra hits. The post offers no further technical details about the datas origin or verification status.
Date: 2026-05-19T14:44:51Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-707x-HYDRA-HOTMAIL
Screenshots:
None
Threat Actors: LordOfSea91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 151K EDU-targeted combo list
Category: Combo List
Content: A threat actor is offering a 151,000-record combo list targeting EDU accounts, advertised as high quality with EMAIL:PASS and USER:PASS formats. The list includes credentials spanning multiple countries and email providers including AOL, Yahoo, Hotmail, and Outlook. The actor is selling via Telegram and promoting an associated cracking service website.
Date: 2026-05-19T14:44:42Z
Network: openweb
Published URL: https://demonforums.net/Thread-151K-EDU-TARGETED-COMBOLIST–204750
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 785K Facebook and Instagram credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 785,000 email and password pairs reportedly sourced from Facebook and Instagram accounts. The post markets the credentials as a private base suitable for use against any target. No specific breached organization is identified.
Date: 2026-05-19T14:44:32Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1785K-FACEBOOK-INSTAGRAM%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANY-TARGET%E2%9A%A1–2096254
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Gmail combo list of 24 million credentials freely shared
Category: Combo List
Content: A threat actor has freely shared a combo list advertised as containing 24 million Gmail credentials, marketed as freshly checked. This is a credential stuffing list and does not represent a breach of Gmail itself.
Date: 2026-05-19T14:44:08Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A824M-Gmail-Combolist-1-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
Screenshots:
None
Threat Actors: RogenPlay
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of Raccoon Stealer v2 logs from Mexico
Category: Logs
Content: A threat actor is freely distributing 2,500 Raccoon Stealer v2 logs sourced from Mexican victims running Windows Server 2022. The logs contain credentials and cookies harvested via Chrome 120.x. The post includes a download link and password for access.
Date: 2026-05-19T14:43:16Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-raccoon-stealer-v2-2500-logs-mx-windows-server-2022.615501/
Screenshots:
None
Threat Actors: HighWayToShell
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of FUD Sender Pro bulk email and phishing delivery tool
Category: Phishing
Content: A threat actor is selling FUD Sender Pro, a desktop-based bulk email sender supporting SMTP and API delivery, HTML/image/PDF payloads, and randomized personalization tags. The tool is marketed for bulk and personalized email campaigns and supports Mailgun and Brevo APIs, consistent with phishing or spam delivery infrastructure. The seller is advertising via Telegram handle office_365shop.
Date: 2026-05-19T14:42:57Z
Network: openweb
Published URL: https://crackingx.com/threads/75780/
Screenshots:
None
Threat Actors: imi_jav1995
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free Hotmail combo list publicly released by Dragonvit (Part 2)
Category: Combo List
Content: A threat actor known as Dragonvit publicly released a Hotmail combo list as a free drop on a cracking forum. The post includes a contact for purchasing additional services such as software, proxies, RDP, and private traffic. No record count was specified.
Date: 2026-05-19T14:42:36Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1-HOTMAILS-PUBLIC-DROP-BY-DRAGONVIT-%E2%9A%A1-Part-2
Screenshots:
None
Threat Actors: Vitdragon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Public release of Hotmail combo list by DragonVit (Part 3)
Category: Combo List
Content: A threat actor known as Vitdragon/DragonVit has publicly released a Hotmail credential combo list as part of an ongoing series. The post advertises additional services including proxies, RDP, and private traffic. No record count or specific victim organization is identified.
Date: 2026-05-19T14:42:16Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1-HOTMAILS-PUBLIC-DROP-BY-DRAGONVIT-%E2%9A%A1-Part-3
Screenshots:
None
Threat Actors: Vitdragon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of Hotmail credentials shared freely
Category: Combo List
Content: A threat actor known as Kommander0 has freely shared a combo list containing approximately 941 Hotmail credentials, marketed as fully valid. The list was made available via an external file-sharing link.
Date: 2026-05-19T14:42:08Z
Network: openweb
Published URL: https://crackingx.com/threads/75772/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Public combo list drop by threat actor Dragonvit (Part 67)
Category: Combo List
Content: Threat actor Vitdragon publicly released a corporate combo list drop (Part 67) on a cracking forum. The post advertises email:password credentials and additional services including proxies, RDP, and private traffic. No specific victim organization or record count was disclosed.
Date: 2026-05-19T14:41:56Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1-%C2%A0%C2%A0CORP-PUBLIC-DROP-BY-DRAGONVIT-%E2%9A%A1-Part-67
Screenshots:
None
Threat Actors: Vitdragon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list
Category: Combo List
Content: A forum user is sharing a combo list of approximately 3,003 Hotmail credentials described as fresh and valid. The content is restricted to registered users. This appears to be a credential stuffing resource targeting Hotmail accounts.
Date: 2026-05-19T14:41:50Z
Network: openweb
Published URL: https://crackingx.com/threads/75773/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list drop by threat actor Dragonvit
Category: Combo List
Content: Threat actor Dragonvit publicly released a combo list (email:password pairs) labeled as HOTS on a cracking forum. The post is part of a recurring series and includes advertisements for additional services such as private traffic, proxies, RDP, and software. No specific victim organization or record count was disclosed.
Date: 2026-05-19T14:41:37Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1-%C2%A0-HOTS%C2%A0-PUBLIC-DROP-BY-DRAGONVIT-%E2%9A%A1-Part-1488
Screenshots:
None
Threat Actors: Vitdragon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is distributing 1,287 alleged Hotmail credential hits via a download link on a cracking forum. The credentials are marketed as premium hits, suggesting they have been tested and verified against Hotmail accounts. No additional details about the source of the credentials were provided.
Date: 2026-05-19T14:41:33Z
Network: openweb
Published URL: https://crackingx.com/threads/75774/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Office combo list (1 million credentials)
Category: Combo List
Content: A threat actor is offering a combo list of 1 million credentials allegedly usable for Microsoft Office/Office 365 credential stuffing. The post directs interested parties to a Telegram account and two associated Telegram groups advertising free combos and tools.
Date: 2026-05-19T14:41:19Z
Network: openweb
Published URL: https://crackingx.com/threads/75775/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free Hotmail combo list publicly released by Dragonvit
Category: Combo List
Content: A threat actor operating as Dragonvit has publicly released a Hotmail email:password combo list on a cracking forum. The post includes a download link for a file dated May 2026 and advertises additional services including proxies, RDP, and private traffic.
Date: 2026-05-19T14:41:13Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1-HOTMAILS-PUBLIC-DROP-BY-DRAGONVIT-%E2%9A%A1-Part-1
Screenshots:
None
Threat Actors: Vitdragon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of alleged WordPress credentials or database dump
Category: Combo List
Content: A forum post on CX references WordPress-related content, with access gated behind registration and a password shared via a Telegram channel. The actual content is not visible; no further details about record count, specific victims, or data types are available.
Date: 2026-05-19T14:40:57Z
Network: openweb
Published URL: https://crackingx.com/threads/75781/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: Mixed Email Access Credentials (80,000 records)
Category: Combo List
Content: A threat actor on Cracked.st is distributing a mixed email combo list containing approximately 80,000 email:password credential pairs. The post appears to offer free access to the credentials based on the forum context. No specific victim organization or breach source is identified.
Date: 2026-05-19T14:40:53Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-80000x%E2%9A%A1MIX-MAIL%E2%9A%A1ACCESS%E2%9A%A1
Screenshots:
None
Threat Actors: ACE_XD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Germany Mixed Target Combo List (832,303 Lines)
Category: Combo List
Content: A combo list of 832,303 email:password lines targeting German (.de) accounts across mixed services has been shared on a cracking forum. The list is marketed as a mixed-target credential collection for Germany. No specific victim organization is identified.
Date: 2026-05-19T14:40:33Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-832-303-Lines-%E2%9C%85-Germany-de-Combolist-Mixed-Target
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: 3.1K Mixed Mail Access Credentials
Category: Combo List
Content: A combo list containing approximately 3,100 mixed mail access credentials was shared on a cracking forum. The post appears to offer email and password pairs for various mail providers. No additional details about the source or origin of the credentials are available.
Date: 2026-05-19T14:40:13Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-3-1K-MIX-MAIL-ACCESS
Screenshots:
None
Threat Actors: Cloudredhat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 280K USA combo list
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 280,000 email:password credential pairs purportedly sourced from US users. The post markets the credentials as fresh and previously unused. No specific victim organization or breach source is identified.
Date: 2026-05-19T14:39:53Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-280K-USA-COMBOLIST-%E2%9C%94%EF%B8%8F-UNRAPED-AND-FRESH-LINES-%E2%9C%94%EF%B8%8F19-5-26
Screenshots:
None
Threat Actors: AstroBella
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Request for French IBAN bank account
Category: Chatter
Content: A forum user is seeking to purchase a fresh French IBAN bank account, requesting safe escrow for the transaction. No further details are provided.
Date: 2026-05-19T14:39:38Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/87f875bad041aba55830
Screenshots:
None
Threat Actors: Bendhash 🍼
Victim Country: France
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Sale of European combo list mix
Category: Combo List
Content: A combo list containing approximately 24,358 email and password pairs described as a private European mix has been shared on a cracking forum. The post is categorized as full access (FA) credentials targeting European accounts. No specific victim organization or service is identified.
Date: 2026-05-19T14:39:33Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-24-358-Private-FA-Europa-Mix-Combo
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mixed combo list publicly released by threat actor Dragonvit
Category: Combo List
Content: A threat actor known as Vitdragon publicly released a mixed email:password combo list on a cracking forum. The post advertises additional services including proxies, RDP, traffic, and software. No specific victim organization or record count is disclosed.
Date: 2026-05-19T14:39:11Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1-%C2%A0-MIXED-PUBLIC-DROP-BY-DRAGONVIT-%E2%9A%A1-Part-1
Screenshots:
None
Threat Actors: Vitdragon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mix email combo list with 59K credentials
Category: Combo List
Content: A threat actor is distributing a mixed email and password combo list containing approximately 59,000 credential pairs. The post offers a download link with no additional details about the source or target services.
Date: 2026-05-19T14:38:51Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-59K-MIX-MAIL-ACCESS
Screenshots:
None
Threat Actors: Mei_Misaki
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: 10K UHQ Mixed Mail Access Credentials
Category: Combo List
Content: A combo list of 10,000 mixed mail access credentials described as UHQ (ultra high quality) was shared on a cracking forum. The post contains no additional details about the source or targeted services.
Date: 2026-05-19T14:38:32Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-10K-UHQ-MIX-MAIL-ACCESS
Screenshots:
None
Threat Actors: Cloudredhat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: 251K Hotmail credentials shared on forum
Category: Logs
Content: A threat actor shared a combo list containing approximately 251,000 Hotmail domain credentials, marketed as valid as of May 19, 2026. The post requires forum registration to access the content. This appears to be a credential stuffing list targeting Hotmail accounts.
Date: 2026-05-19T14:38:10Z
Network: openweb
Published URL: https://xforums.st/threads/251k-hotmail-domain-with-valid-19-05-26.615498/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list targeting Yahoo domain with 1.685 million credentials
Category: Combo List
Content: A threat actor shared a combo list containing approximately 1.685 million email:password lines targeting Yahoo domain accounts. The credentials are intended for credential-stuffing activity against Yahoo-domain email accounts. No breach of Yahoo is implied; the list is aggregated from external sources.
Date: 2026-05-19T14:38:04Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-685-469-Lines-%E2%9C%85-Combolist-Target-Yahoo-Domain
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting France
Category: Combo List
Content: A user on a cracking forum has shared what appears to be a French email:password combo list. The post requests users not to leech, suggesting free distribution to registered members. No further details about record count or source are provided.
Date: 2026-05-19T14:37:38Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-FRANCE–2096310
Screenshots:
None
Threat Actors: FlightUSA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of European combo list with 55,004 credentials
Category: Combo List
Content: A threat actor on Cracked forum is sharing a private combo list of 55,004 email:password pairs reportedly sourced from European accounts. The post is marketed as FA (full access) quality. No specific victim organization or service is identified.
Date: 2026-05-19T14:37:04Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-55-004-Private-FA-Combolist-Europa-Good–2096294
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged combo list targeting European accounts
Category: Combo List
Content: A combo list containing approximately 35,363 email:password pairs purportedly targeting European accounts has been shared on a cracking forum. The post is categorized as a private combo list marketed as high quality. No additional details are available from the post content.
Date: 2026-05-19T14:36:41Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-35-363-Private-FA-Combolist-Europa-Good
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed email:password combo list with 29,905 records
Category: Combo List
Content: A threat actor shared a mixed email:password combo list containing 29,905 records on a cracking forum. The post is categorized as mail access credentials. No additional details are available from the post content.
Date: 2026-05-19T14:36:20Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-29-905-mixed-Combolist-Mail-Pass-Mail-Access
Screenshots:
None
Threat Actors: GirlCrew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - 130K USA Combo List
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 130,000 email and password pairs purportedly sourced from US-based accounts. The credentials are marketed as fresh and unused. No specific victim organization or service is identified.
Date: 2026-05-19T14:36:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-130K-USA-COMBOLIST-%E2%9C%94%EF%B8%8F-UNRAPED-AND-FRESH-LINES-%E2%9C%94%EF%B8%8F19-5-26
Screenshots:
None
Threat Actors: AstroBella
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Carding inquiry: converting fraudulent prepaid Visa/Mastercard gift card to cryptocurrency
Category: Chatter
Content: A forum user is seeking advice on how to fraudulently purchase a $500 AUD prepaid Visa/Mastercard gift card from card.gift and convert it to cryptocurrency (BTC/USDT) before the anticipated fraudulent transaction dispute is filed. The user is asking about anonymization techniques (VPN usage, avoiding tracking) and methods to cash out via a crypto.com account. The post indicates awareness that the transaction will trigger a fraud dispute, suggesting deliberate payment fraud.
Date: 2026-05-19T14:35:38Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/86b5ca7f7ed543e3684d
Screenshots:
None
Threat Actors: budzy653 🍼
Victim Country: Australia
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: card.gift - Sale of unauthorized premium media streaming service (Plex/Emby/Jellyfin shares)
Category: Services
Content: A forum seller is advertising a paid media streaming service offering Plex, Emby, and Jellyfin shares with access to a claimed library of 30,000+ movies, 20,000+ TV shows, and additional audiobook and ebook content. The service is priced at $10 USD per month and is likely distributing unlicensed media content. No specific victim organization or breach is involved.
Date: 2026-05-19T14:35:29Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-QUANTUM-STREAMS-EMBY-JELLYFIN-PLEX-SHARES-2PB-LIBRARY
Screenshots:
None
Threat Actors: qstrm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of discounted Mobbin Pro subscription access
Category: Services
Content: A forum seller is offering discounted Mobbin Pro design reference library subscriptions (1-year access) at reduced prices via direct message. The post advertises Pro and Team plan tiers significantly below retail pricing. No breach or compromised data is involved.
Date: 2026-05-19T14:34:57Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90%E2%AD%90Mobbin-Pro-%E2%80%93-Design-Reference-Library-1-Year-%E2%9C%A8%E2%9C%A8%E2%9C%A8
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of discounted Granola AI meeting notes subscription
Category: Services
Content: A forum seller is offering a one-year Granola AI meeting notes subscription for $30, discounted from the retail price of $120. The seller claims to provide access to the buyers account via direct message. It is unclear whether the subscriptions are legitimate, resold, or obtained through unauthorized means.
Date: 2026-05-19T14:34:40Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8FGranola-%E2%80%93-AI-Meeting-Notes-1-Year-%E2%9A%A1%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of discounted TryHackMe subscription access
Category: Services
Content: A forum user is offering discounted TryHackMe 1-year subscription plans at $50–$60, significantly below the stated retail price of $168. The seller instructs buyers to DM for account access, suggesting resale of obtained credentials or vouchers. No specific victim organization or breach is claimed.
Date: 2026-05-19T14:34:20Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9A%A1%E2%9A%A1%E2%9A%A1TryHackMe-%E2%80%93-Learn-Cybersecurity-1-Year-%E2%9C%A8%E2%9C%A8%E2%9C%A8
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting Hotmail with 25,000 credentials
Category: Logs
Content: A combo list purportedly containing 25,000 unique Hotmail credentials was shared on a cybercrime forum. The post content is minimal but the thread title indicates the list is marketed as unique. This is a credential stuffing resource, not a breach of Microsoft or Hotmail directly.
Date: 2026-05-19T14:34:11Z
Network: openweb
Published URL: https://xforums.st/threads/hotmail-unique-combo_4_25000.615499/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of discounted N8N automation service subscription
Category: Services
Content: A forum seller is offering discounted N8N workflow automation service subscriptions at $50/year, reduced from a claimed retail price of $180/year. The post advertises features including 400+ app integrations, visual workflow builder, and cloud hosting. Buyers are directed to DM the seller for account access.
Date: 2026-05-19T14:34:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9C%A8%E2%9C%A8%E2%9C%A8N8N-Starter-%E2%80%94-Automate-Everything-Manually-Do-Nothing-%E2%9A%A1%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of discounted Magic Pattern design tool subscription
Category: Services
Content: A forum seller is offering discounted annual subscriptions to Magic Pattern, an AI-powered design tool, at $40/year versus the retail price of $144/year. The seller claims access is granted via DM and advertises unlimited downloads of AI-generated patterns, UI components, and SVG exports. This appears to be a resale or shared-account service.
Date: 2026-05-19T14:33:43Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8FMagic-Pattern-%E2%80%94-Designs-That-Make-People-Stop-Scrolling%E2%9A%A1%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Gamma Pro subscription service at discounted price
Category: Services
Content: A forum user is advertising discounted Gamma Pro (AI presentation software) subscriptions at $60/year, compared to the retail price of $192/year. The seller claims to provide access via DM on the buyers account. This appears to be an unauthorized resale or shared account service.
Date: 2026-05-19T14:33:26Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-Gamma-Pro-%E2%80%94-Presentations-That-Sell-Themselves
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of NFA combo lists with free test offered
Category: Combo List
Content: A threat actor is advertising high-quality NFA (No Further Action) combo lists for sale, offering a free test sample prior to purchase. The post directs interested buyers to a Telegram contact for further details.
Date: 2026-05-19T14:33:06Z
Network: openweb
Published URL: https://cracked.st/Thread-NFA-COMBO-FOR-YOUR-TARGET-WITH-TEST-FIRST
Screenshots:
None
Threat Actors: Cloudredhat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of discounted Manus AI subscription access
Category: Services
Content: A forum seller is offering discounted Manus AI annual subscriptions at $120/year, advertised against a retail price of $480/year. The seller claims to provide access to the autonomous AI agent service via the buyers account. The nature of the discounted access (e.g., whether accounts are legitimate or compromised) is not specified in the post.
Date: 2026-05-19T14:32:47Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9C%A8%E2%9C%A8%E2%9C%A8Manus-AI-%E2%80%94-Work-Smart-Not-Hard-Most-people-work-10-hours-a-day-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Windows RDP/VM hosting service on cracking forum
Category: Services
Content: A forum user is selling access to a Windows RDP/Virtual Machine with 16 vCores AMD EPYC, 32GB RAM, and ~600GB storage for $25. The listing explicitly permits credential-stuffing tools such as OpenBullet with proxies. The seller advertises the service via Telegram.
Date: 2026-05-19T14:32:29Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-Powerful-Windows-RDP-VM-16-vCores-AMD-EPYC-32GB-RAM-25
Screenshots:
None
Threat Actors: ScottPilgrim
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of initial access to Brazil Government Health Portal
Category: Initial Access
Content: A threat actor is offering verified credentials for the Brazil Government Health Portal for $200 via a dark web forum. The seller claims the credentials are verified and is requiring escrow for transactions. No further technical details about the access level or affected systems were disclosed.
Date: 2026-05-19T14:31:01Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-200-Brazil-Government-Health-Portal
Screenshots:
None
Threat Actors: Florence
Victim Country: Brazil
Victim Industry: Government
Victim Organization: Brazil Government Health Portal
Victim Site: Unknown - Alleged data breach of Speedio.com.br exposing 62 million Brazilian B2B records
Category: Data Breach
Content: A threat actor is selling an alleged database dump from Speedio.com.br, a Brazilian B2B data platform, containing 62 million records including approximately 27.6 million unique email addresses. The dataset reportedly includes company legal names, trading names, founding dates, activity codes, phone numbers, addresses, WhatsApp contacts, and financial details such as capital amounts. The post includes a session token and references an escrow service for the transaction.
Date: 2026-05-19T14:28:56Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Speedio-com-br-Brazil-B2B-62M
Screenshots:
None
Threat Actors: Claude
Victim Country: Brazil
Victim Industry: Technology
Victim Organization: Speedio
Victim Site: speedio.com.br - Sale of combo list targeting Eneba and G2A gaming platforms
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 741,000 credential pairs marketed as high-quality, dehashed, and fresh lines targeting Eneba and G2A gaming/digital goods platforms. The post promotes a Telegram-based combo cloud service offering private lines for credential stuffing purposes.
Date: 2026-05-19T14:28:43Z
Network: openweb
Published URL: https://breached.st/threads/741k-high-voltageeneba-g2ahigh-voltagehigh-quality-private-combohigh-voltagedehashed-lineshigh-voltagefresh-and-uniquehigh-voltage.87366/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 683K streaming combo list targeting US users
Category: Combo List
Content: A threat actor operating as MetaCloud is offering a combo list of approximately 683,000 credential pairs marketed as high-quality, dehashed, and fresh lines targeting US streaming services. The post advertises a Telegram-based combo cloud service offering private lines. No specific victim organization is identified.
Date: 2026-05-19T14:28:12Z
Network: openweb
Published URL: https://breached.st/threads/683k-high-voltagestreaming-usahigh-voltagehigh-quality-private-combohigh-voltagedehashed-lineshigh-voltagefresh-and-uniquehigh-voltage.87367/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 8.7K mixed mail access combo list
Category: Combo List
Content: A threat actor shared a combo list of 8,700 reportedly valid mixed email account credentials on a forum. The post is gated behind a reply requirement and is marketed as high quality.
Date: 2026-05-19T14:27:43Z
Network: openweb
Published URL: https://altenens.is/threads/8-7k-full-valid-mail-access-mix-top-quality-19-05.2942645/unread
Screenshots:
None
Threat Actors: Megacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 611K Scribd credential combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 611,000 credentials advertised as a private base suitable for use against any target, including Scribd. The post promotes a Telegram-based combo cloud service offering similar credential lists.
Date: 2026-05-19T14:27:39Z
Network: openweb
Published URL: https://breached.st/threads/high-voltage611k-scribdhigh-voltageprivate-base-good-on-any-targethigh-voltage.87370/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - 20K Corporate Mail Access Combo List
Category: Combo List
Content: A threat actor is sharing a combo list of 20,000 purportedly valid corporate email access credentials. The post requires a reply to access the hidden download link. The data is described as fresh, dated May 19.
Date: 2026-05-19T14:27:17Z
Network: openweb
Published URL: https://altenens.is/threads/20k-full-valid-corp-mail-access-19-05.2942640/unread
Screenshots:
None
Threat Actors: Megacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Distribution of 1 million URL:Log:Pass combo list
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 1 million URL:login:password credential pairs on a darknet forum. The content is gated behind account replies or upgrades. No specific victim organization or breach source is identified.
Date: 2026-05-19T14:27:11Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76809
Screenshots:
None
Threat Actors: Seaborg_p
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 757K cryptocurrency-targeted combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 757,000 credential lines marketed as targeting cryptocurrency users. The post describes the data as dehashed, fresh, and unique, and promotes a Telegram-based combo cloud service offering similar content.
Date: 2026-05-19T14:27:06Z
Network: openweb
Published URL: https://breached.st/threads/757k-high-voltagecrypto-targetshigh-voltagehigh-quality-private-combohigh-voltagedehashed-lineshigh-voltagefresh-and-uniquehigh-voltage.87371/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Hotmail Access Combo List (USA, Europe, Asia, Russia)
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 800 Hotmail credentials sourced from users in the USA, Europe, Asia, and Russia. The list is hidden behind a reply gate on the forum. No specific breached organization is identified; this appears to be a credential stuffing list targeting Hotmail accounts.
Date: 2026-05-19T14:26:45Z
Network: openweb
Published URL: https://altenens.is/threads/800x-hotmail-access-combo-usa-europe-asia-russian.2942680/unread
Screenshots:
None
Threat Actors: Larry_Uchiha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 779K OpenAI credential combo list
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 779,000 credentials purportedly valid against OpenAI accounts. The post describes the data as sourced from a private base and claims suitability for use against any target. The actor also advertises a paid combo cloud service via Telegram.
Date: 2026-05-19T14:26:31Z
Network: openweb
Published URL: https://breached.st/threads/high-voltage779k-open-aihigh-voltageprivate-base-good-on-any-targethigh-voltage.87372/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mix Mail Combo List (Hotmail, Outlook, AOL, GMX, Inbox, iCloud, Live)
Category: Combo List
Content: A threat actor is distributing a mixed email combo list targeting multiple providers including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live. The content is gated behind a reply requirement and linked to a Telegram channel. No specific record count or victim organization is identified.
Date: 2026-05-19T14:26:12Z
Network: openweb
Published URL: https://altenens.is/threads/mix-mail-combo-hotmail-outlook-aol-gmx-inbox-icloud-live-2026-5-16.2942682/unread
Screenshots:
None
Threat Actors: Larry_Uchiha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of combo list allegedly valid for Pornhub and XNXX
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 779,000 credentials advertised as a private base suitable for use against Pornhub, XNXX, and other targets. The post promotes a Telegram-based combo cloud service offering credential lists. No specific breached organization is identified.
Date: 2026-05-19T14:25:58Z
Network: openweb
Published URL: https://breached.st/threads/high-voltage779k-pornhub-xnxxhigh-voltageprivate-base-good-on-any-targethigh-voltage.87375/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: 600 Fresh Hotmail Credential Hits
Category: Combo List
Content: A threat actor is distributing 600 credentials marketed as fresh Hotmail hits, dated May 19. Access to the content requires a forum reply, suggesting a gate mechanism typical of combo list sharing.
Date: 2026-05-19T14:25:37Z
Network: openweb
Published URL: https://altenens.is/threads/600x-fresh-hotmail-hits-19-05.2942688/unread
Screenshots:
None
Threat Actors: Megacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 748K VPN combo list with dehashed credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 748,000 credential pairs marketed as high-quality, private, and dehashed lines targeting VPN services. The post advertises a Telegram-based combo cloud service offering access to similar credential datasets. No specific breached organization is identified.
Date: 2026-05-19T14:25:19Z
Network: openweb
Published URL: https://breached.st/threads/748k-high-voltagevpnhigh-voltagehigh-quality-private-combohigh-voltagedehashed-lineshigh-voltagefresh-and-uniquehigh-voltage.87378/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of phone number and password combo list with 246K+ records
Category: Combo List
Content: A threat actor on a dark web forum has freely distributed a combo list containing phone numbers and passwords, reportedly containing over 246,000 records. The file was re-uploaded with a new download link. No specific victim organization or breach source is identified.
Date: 2026-05-19T14:25:14Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-%E2%AD%90%EF%B8%8F%E2%98%81PHONE-NUMBER-PAS
Screenshots:
None
Threat Actors: torevbar00
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of PayPal and Casino combo list with 767K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 767,000 credentials marketed as high-quality, dehashed, fresh, and unique lines targeting PayPal and casino platforms. The post advertises a Telegram-based combo cloud service offering private credential lines.
Date: 2026-05-19T14:24:46Z
Network: openweb
Published URL: https://breached.st/threads/767k-high-voltagepaypal-casinohigh-voltagehigh-quality-private-combohigh-voltagedehashed-lineshigh-voltagefresh-and-uniquehigh-voltage.87379/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of multi-country combo list targeting various services
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 777,000 credential pairs allegedly sourced from France, Germany, Poland, the United Kingdom, and the United States. The post markets the list as a private base suitable for credential stuffing against any target. The actor also promotes a Telegram-based combo cloud service offering similar datasets.
Date: 2026-05-19T14:24:13Z
Network: openweb
Published URL: https://breached.st/threads/high-voltage777k-fr-de-pl-uk-usahigh-voltageprivate-base-good-on-any-targethigh-voltage.87380/unread
Screenshots:
None
Threat Actors: MetaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of French cryptocurrency user database
Category: Data Breach
Content: A threat actor is offering for sale an alleged French cryptocurrency user database containing approximately 2.3 million records. Sample data includes full names, email addresses, phone numbers, physical addresses, dates of birth, and cryptocurrency balances. The data is being sold via Telegram with a free sample available for download.
Date: 2026-05-19T14:23:16Z
Network: openweb
Published URL: https://breached.st/threads/flag-france-crypro-database-2-3m.87364/unread
Screenshots:
None
Threat Actors: near2tlg
Victim Country: France
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 794K email:password credentials targeting streaming and VPN services
Category: Combo List
Content: A threat actor on a darknet forum has shared a combolist containing approximately 794,000 email and password pairs, marketed as suitable for credential stuffing against streaming and VPN services. The content is gated behind a reply requirement, suggesting it is being distributed freely to forum members.
Date: 2026-05-19T14:23:05Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-794k-Combolist-Email-Password-Good-for-Stream-Vpn-Etc-rar
Screenshots:
None
Threat Actors: mexicoverse
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of BIN, phone, and email lead database via BINLEADS.NET
Category: Carding
Content: A threat actor is selling a database of over 15 million records via BINLEADS.NET, with each entry containing a BIN (Bank Identification Number), phone number, and email address. The service is marketed for use in calls and marketing campaigns, with prices starting at $0.35 per line. Filtering options are advertised to allow targeting by niche.
Date: 2026-05-19T14:22:45Z
Network: openweb
Published URL: https://breached.st/threads/binleads-net-bin-phone-email-start-price-0-35.87373/unread
Screenshots:
None
Threat Actors: sanofi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: binleads.net - Alleged data leak of Vacances-Lagrange.com customer reservation database
Category: Data Leak
Content: A threat actor has freely leaked an alleged database from vacances-lagrange.com, a French holiday rental platform. The dataset, distributed in JSON format (35 MB), contains approximately 44,000 customer reservation records including names, booking details, accommodation information, financial transaction amounts, and personal comments. Download links are gated behind a forum reply requirement.
Date: 2026-05-19T14:22:17Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-44K-Vacances-Lagrange-com
Screenshots:
None
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Travel & Tourism
Victim Organization: Vacances Lagrange
Victim Site: vacances-lagrange.com - Alleged data leak of Bayut UAE real estate platform
Category: Data Leak
Content: A threat actor has leaked an alleged dataset of 986,506 customer records attributed to Bayut, a major UAE real estate platform. The exposed data reportedly includes full names, email addresses, phone numbers, passwords, IP addresses, physical addresses, passport images, and property ownership documents. The dataset was made available on a dark web forum behind a reply or account upgrade requirement.
Date: 2026-05-19T14:22:01Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77076
Screenshots:
None
Threat Actors: attacker_company
Victim Country: United Arab Emirates
Victim Industry: Real Estate
Victim Organization: Bayut
Victim Site: bayut.com - Free release of 117K combo list
Category: Combo List
Content: A threat actor shared a combo list containing approximately 117,000 credential pairs via a public file-sharing link. The post directs users to a Telegram channel for the archive password. No specific victim organization or service is identified.
Date: 2026-05-19T14:21:56Z
Network: openweb
Published URL: https://breached.st/threads/117928-lines-117k-combo-by-hello_zod_bot.87365/unread
Screenshots:
None
Threat Actors: zoood
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Universitas Lampung employee database
Category: Data Leak
Content: A threat actor has leaked an alleged employee database from Universitas Lampung, an Indonesian public university. The post includes a sample and a download link for the dataset. No record count was specified in the post.
Date: 2026-05-19T14:21:22Z
Network: openweb
Published URL: https://breached.st/threads/leak-database-pegawai-universitas-lampung.87369/unread
Screenshots:
None
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas Lampung
Victim Site: unila.ac.id - Website Defacement of cangatecidos.com.br by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: On May 19, 2026, the Brazilian website cangatecidos.com.br was defaced by threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd. The attack targeted a specific subdirectory path rather than the homepage and was a singular, non-mass defacement incident. No specific motivation or server details were disclosed, and the defacement was archived via zone-xsec.com.
Date: 2026-05-19T14:16:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925107
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Cangatecidos
Victim Site: www.cangatecidos.com.br - Website Defacement of Nordiklum by DimasHxR
Category: Defacement
Content: On May 19, 2026, the attacker known as DimasHxR defaced a page on nordiklum.com, targeting a subdirectory within the sites media folder. The defacement was a targeted single-site attack with no team affiliation reported. The incident was recorded and mirrored by zone-xsec.com with mirror ID 925089.
Date: 2026-05-19T14:10:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925089
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / E-Commerce
Victim Organization: Nordiklum
Victim Site: nordiklum.com - Website Defacement of Ezonedeal by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 19, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a page on the Canadian e-commerce website ezonedeal.ca. The attack targeted a file within the public media directory, suggesting possible exploitation of an upload or content management vulnerability. The incident was recorded as a single, non-mass defacement with no prior redefacement history.
Date: 2026-05-19T14:08:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925102
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Canada
Victim Industry: E-Commerce / Retail
Victim Organization: Ezonedeal
Victim Site: ezonedeal.ca - Critical Remote Code Execution Vulnerability in Exim Mail Server (CVE-2026-45185)
Category: Vulnerability
Content: A critical vulnerability designated CVE-2026-45185 (also known as Dead.Letter) has been discovered in Exim mail servers compiled with GnuTLS cryptographic library. The vulnerability allows unauthenticated attackers to execute arbitrary code on affected mail servers with a CVSS score of 9.8.
Date: 2026-05-19T14:05:28Z
Network: telegram
Published URL: https://t.me/xssf_forum/68
Screenshots:
None
Threat Actors: XSSF – Russian Hack Forum (by IAOR).
Victim Country: Unknown
Victim Industry: Email/Mail Services
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of sachchuyentay.com by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 19, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced the Vietnamese website sachchuyentay.com by compromising a file within the media/custom directory. The attack was a targeted single-site defacement with no indication of mass or repeated defacement activity. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-19T14:01:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925082
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Vietnam
Victim Industry: Media/Publishing
Victim Organization: Sach Chuyen Tay
Victim Site: sachchuyentay.com - Website Defacement of hemmer.at by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 19, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a media or customer-related subdirectory of hemmer.at, an Austrian website. The incident was a targeted single-site defacement, not part of a mass defacement campaign. Server and infrastructure details were not disclosed in the available data.
Date: 2026-05-19T13:59:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925088
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Austria
Victim Industry: Unknown
Victim Organization: Hemmer
Victim Site: hemmer.at - Website Defacement of B&K Bar Supplies by DimasHxR
Category: Defacement
Content: On May 19, 2026, the threat actor DimasHxR defaced a subdirectory of bandkbarsupplies.com, a bar and restaurant supplies retailer. The attack was a targeted, non-mass defacement affecting a specific media/customer-related path rather than the homepage. No team affiliation, stated motivation, or server details were disclosed for this incident.
Date: 2026-05-19T13:58:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925081
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Bar & Restaurant Supplies
Victim Organization: B&K Bar Supplies
Victim Site: bandkbarsupplies.com - Website Defacement of Lacura Mobility by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 19, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a page on lacuramobility.com. The attack targeted a specific media directory path rather than the home page, indicating a targeted file-level defacement. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-05-19T13:56:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925083
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Transportation / Mobility Services
Victim Organization: Lacura Mobility
Victim Site: lacuramobility.com - Website Redefacement of Porsche Centrum Gelderland by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The website of Porsche Centrum Gelderland, a Porsche dealership in the Netherlands, was defaced by threat actor azraelzer0d4y operating under the team b1ohaz4rd on May 19, 2026. This incident is classified as a redefacement, indicating the site had been previously targeted by the same or another attacker. No specific motive or proof-of-concept was disclosed in available intelligence.
Date: 2026-05-19T13:50:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925079
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Netherlands
Victim Industry: Automotive Retail
Victim Organization: Porsche Centrum Gelderland
Victim Site: www.porschecentrumgelderland-s… - Website Redefacement of De Producten Fabriek by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The website deproductenfabriek.nl, a Dutch manufacturing company, was defaced by threat actor azraelzer0d4y operating under the team b1ohaz4rd on May 19, 2026. This incident is confirmed as a redefacement, indicating the attacker had previously compromised the same target. The defacement was not classified as a mass or homepage defacement, suggesting a targeted subdirectory-level intrusion.
Date: 2026-05-19T13:49:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925078
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Netherlands
Victim Industry: Manufacturing
Victim Organization: De Producten Fabriek
Victim Site: www.deproductenfabriek.nl - Website Defacement of Dive Imports by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the alias DimasHxR defaced a subdirectory of diveimports.org, a website likely associated with a diving equipment import business. The defacement targeted a non-homepage path within the sites media directory and was carried out as a standalone, non-mass incident. No specific motive, team affiliation, or technical server details were disclosed.
Date: 2026-05-19T13:46:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925069
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / E-Commerce
Victim Organization: Dive Imports
Victim Site: diveimports.org - Website Redefacement of iziplineinc.com by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: The website iziplineinc.com was defaced by threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, on May 19, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or a different actor. The defacement targeted a subdirectory path rather than the homepage, suggesting exploitation of a specific web application or media directory.
Date: 2026-05-19T13:40:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925067
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: iZipline Inc
Victim Site: www.iziplineinc.com - Website Defacement of LSP-IMI by CiaoxD_ of Brotherhood Capung Indonesia
Category: Defacement
Content: On May 19, 2026, the website www.lsp-imi.org was defaced by threat actor CiaoxD_, operating under the Indonesian hacktivist group Brotherhood Capung Indonesia. The attack targeted the homepage of the organization in a single-target defacement operation. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-19T13:17:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925066
Screenshots:
None
Threat Actors: CiaoxD_, Brotherhood Capung Indonesia
Victim Country: Indonesia
Victim Industry: Professional Certification / Standardization
Victim Organization: LSP-IMI (Lembaga Sertifikasi Profesi)
Victim Site: www.lsp-imi.org - Alleged data breach of LiveCity Israeli ISP by Gladiators of God hacking group
Category: Data Breach
Content: The hacking group Gladiators of God (گلادیاتورهای خدا) claimed to have breached a subdomain of LiveCity (livecity.co.il), an Israeli internet service provider in Beersheba, and extracted data of 2,880 users. The group stated they bypassed multiple security layers and plan to release the obtained user information for free shortly.
Date: 2026-05-19T13:17:11Z
Network: telegram
Published URL: https://t.me/c/1283513914/21823
Screenshots:
None
Threat Actors: گلادیاتورهای خدا
Victim Country: Israel
Victim Industry: Internet Service Provider
Victim Organization: LiveCity
Victim Site: livecity.co.il - Website Redefacement of Objectif Concours by YIIX103
Category: Defacement
Content: The website objectifconcours.com, a French education-focused platform, was defaced by threat actor YIIX103 on May 19, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or another attacker. The attacker operated independently without affiliation to a known hacking group.
Date: 2026-05-19T12:48:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925053
Screenshots:
None
Threat Actors: YIIX103
Victim Country: France
Victim Industry: Education
Victim Organization: Objectif Concours
Victim Site: objectifconcours.com - Website Defacement of ir-vet.de by YIIX103
Category: Defacement
Content: On May 19, 2026, the website ir-vet.de, associated with a veterinary service in Germany, was defaced by the threat actor YIIX103. The attacker targeted the readme.html page of the domain in a single, non-mass defacement incident. No specific motive or technical details regarding the attack vector were disclosed.
Date: 2026-05-19T12:47:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925052
Screenshots:
None
Threat Actors: YIIX103
Victim Country: Germany
Victim Industry: Veterinary / Animal Healthcare
Victim Organization: IR-Vet
Victim Site: ir-vet.de - Website Redefacement of Komod-Mag by Threat Actor YIIX103
Category: Defacement
Content: Threat actor YIIX103 conducted a redefacement of the website komod-mag.com, targeting the readme.html page on May 19, 2026. This incident marks a repeated compromise of the same target, suggesting persistent access or recurring vulnerability exploitation. The attacker operated independently without an affiliated team, and no specific motive was publicly disclosed.
Date: 2026-05-19T12:46:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925055
Screenshots:
None
Threat Actors: YIIX103
Victim Country: Unknown
Victim Industry: Retail / E-Commerce
Victim Organization: Komod Mag
Victim Site: www.komod-mag.com - Website Redefacement of The Gardener by Threat Actor YIIX103
Category: Defacement
Content: The website thegardener.ch was defaced by threat actor YIIX103 on May 19, 2026, targeting the readme.html page. This incident is classified as a redefacement, indicating the site had been previously compromised and defaced. The attacker operated without an affiliated team, and technical details such as server software and IP address remain unknown.
Date: 2026-05-19T12:45:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925048
Screenshots:
None
Threat Actors: YIIX103
Victim Country: Switzerland
Victim Industry: Retail / Horticulture
Victim Organization: The Gardener
Victim Site: thegardener.ch - Website Defacement of talk05.de by Attacker YIIX103
Category: Defacement
Content: On May 19, 2026, the website talk05.de was defaced by an attacker operating under the handle YIIX103. The defacement targeted a specific page (readme.html) rather than the homepage, suggesting a partial or targeted intrusion. No team affiliation, stated motive, or technical details regarding the server environment were disclosed.
Date: 2026-05-19T12:44:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925047
Screenshots:
None
Threat Actors: YIIX103
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Talk05
Victim Site: talk05.de - Website Redefacement of lycanthropete.com by YIIX103
Category: Defacement
Content: The website lycanthropete.com was defaced by the threat actor YIIX103 on May 19, 2026. This incident is recorded as a redefacement, indicating the site had been previously compromised by the same or another attacker. The attacker operated independently without a team affiliation, and technical details such as server software and IP address were not disclosed.
Date: 2026-05-19T12:43:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925056
Screenshots:
None
Threat Actors: YIIX103
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Lycanthropete
Victim Site: www.lycanthropete.com - Website Defacement of HFH Clothing by YIIX103
Category: Defacement
Content: On May 19, 2026, the threat actor YIIX103 defaced the website of HFH Clothing, a UK-based clothing retailer, targeting the readme.html page of their domain. The incident was a single, targeted defacement with no team affiliation, mass defacement activity, or prior redefacement history recorded.
Date: 2026-05-19T12:42:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925050
Screenshots:
None
Threat Actors: YIIX103
Victim Country: United Kingdom
Victim Industry: Retail / Fashion
Victim Organization: HFH Clothing
Victim Site: hfhclothing.co.uk - Website Defacement of InteriorLG by Threat Actor YIIX103
Category: Defacement
Content: On May 19, 2026, threat actor YIIX103 defaced the website interiorlg.com, targeting the readme.html page. The attack was a standalone defacement, not part of a mass or coordinated campaign. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-19T12:41:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925051
Screenshots:
None
Threat Actors: YIIX103
Victim Country: Unknown
Victim Industry: Interior Design / Home Furnishings
Victim Organization: InteriorLG
Victim Site: interiorlg.com - Website Defacement of e-beba.com by YIIX103
Category: Defacement
Content: On May 19, 2026, the website e-beba.com was defaced by the threat actor known as YIIX103, operating without an affiliated team. The defacement targeted a specific page (readme.html) rather than the homepage, indicating a targeted single-page attack. No specific motive or technical details were disclosed in relation to this incident.
Date: 2026-05-19T12:40:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925049
Screenshots:
None
Threat Actors: YIIX103
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: E-Beba
Victim Site: e-beba.com - Website Defacement of Source Reiki by YIIX103
Category: Defacement
Content: On May 19, 2026, the website source-reiki.de, a German Reiki or alternative wellness service, was defaced by the threat actor YIIX103 operating without an affiliated team. The defacement targeted a specific readme page and was neither a mass nor a repeated defacement event. No specific motivation or technical details were disclosed by the attacker.
Date: 2026-05-19T12:39:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925046
Screenshots:
None
Threat Actors: YIIX103
Victim Country: Germany
Victim Industry: Health and Wellness
Victim Organization: Source Reiki
Victim Site: source-reiki.de - Website Defacement of Balilla Registro Italiano by YIIX103
Category: Defacement
Content: On May 19, 2026, the attacker known as YIIX103 defaced a page on balillaregistroitaliano.it, an Italian registry site likely associated with the historic Fiat Balilla automobile. The attack was a targeted single-page defacement, not part of a mass or home page defacement campaign. No team affiliation, stated motive, or server details were disclosed in connection with the incident.
Date: 2026-05-19T12:38:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925054
Screenshots:
None
Threat Actors: YIIX103
Victim Country: Italy
Victim Industry: Automotive / Registry Services
Victim Organization: Balilla Registro Italiano
Victim Site: balillaregistroitaliano.it - Alleged data breach of Universitas Lampung employee database
Category: Data Breach
Content: A user named JAX7 has posted on Breachforums announcing a leak of employee database from Universitas Lampung (Lampung University). The breach includes employee records and has been made publicly available on the forum.
Date: 2026-05-19T12:19:15Z
Network: telegram
Published URL: https://t.me/byjax7/833
Screenshots:
None
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas Lampung
Victim Site: Unknown - Sale of multi-country citizen data intelligence and CTI archive service
Category: Services
Content: A threat actor is offering paid access to a platform claiming to provide leak intelligence, threat intelligence, and citizen data queries across 35+ countries, along with a claimed 95 TB cyber threat intelligence archive. Access is sold via a dedicated website with controlled and limited subscription terms. The nature and origin of the underlying data are unverified.
Date: 2026-05-19T11:53:24Z
Network: openweb
Published URL: https://breachforums.rs/Thread-35-Country-%C4%B0ntelligence-95-TB-CTI
Screenshots:
None
Threat Actors: Brazzers
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: dbintelligence.help - Combo List of 173K USA Email/Password Credentials
Category: Combo List
Content: A threat actor shared a combo list containing 173,000 email and password pairs purportedly sourced from United States users. The list was made available for free via an external file-sharing service. No specific breach victim or targeted service was identified.
Date: 2026-05-19T11:49:53Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-USA-173K-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Local Privilege Escalation via SUID Binary Race Condition in VMware Fusion on macOS
Category: Vulnerability
Content: A researcher published a detailed technical writeup describing a double TOCTOU (Time-of-Check Time-of-Use) race condition in the SUID-root binary vmware-rawdiskCreator, included with VMware Fusion versions up to and including 25H2u1 on macOS. By exploiting two sequential race windows, an unprivileged local user can redirect root-privileged file creation operations to arbitrary filesystem directories. Combined with a crafted GPT disk image and a targeted directory, the vulnerability enables persi
Date: 2026-05-19T11:49:21Z
Network: openweb
Published URL: https://tier1.life/thread/244
Screenshots:
None
Threat Actors: RedQueen
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: VMware (Broadcom)
Victim Site: vmware.com - Sale of Russian combo list with 115K email/password credentials
Category: Combo List
Content: A threat actor shared a combo list containing approximately 115,000 Russian email and password pairs via an anonymous file-sharing service. The post was made on BreachForums under the combolists section.
Date: 2026-05-19T11:48:17Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-RU-115K-Email-Pass
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Hotmail combo list with 14K email/password pairs
Category: Combo List
Content: A threat actor shared a combo list containing approximately 14,000 Hotmail email and password pairs on a cybercrime forum. The credentials appear intended for credential stuffing against Hotmail or other services. No post content was available to confirm additional details.
Date: 2026-05-19T11:46:41Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-14K-Email-Pass–189127
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of cracked DaRKDDoSeR 5.6c DDoS tool
Category: DDoS
Content: A cracked version of DaRKDDoSeR 5.6c, a DDoS attack tool, is being shared on a cracking forum. The tool is described as capable of generating high-volume network traffic with multi-threaded request handling for denial-of-service attacks. A download link and VirusTotal scan result are included in the post.
Date: 2026-05-19T11:46:12Z
Network: openweb
Published URL: https://crackingx.com/threads/75751/
Screenshots:
None
Threat Actors: Sebastian94
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Cracked Hap Crypter 2026
Category: Malware
Content: A threat actor is distributing a cracked version of Hap Crypter 2026, a crypter/packer tool used to obfuscate malicious executables and evade antivirus detection. The post highlights capabilities including file encryption, payload hiding, and AV bypass techniques. A download link is provided alongside a VirusTotal scan result.
Date: 2026-05-19T11:45:51Z
Network: openweb
Published URL: https://crackingx.com/threads/75761/
Screenshots:
None
Threat Actors: deanEvan_89
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of cybercrime tools and services including RDP, SMTP, phishing pages, and verifiers
Category: Services
Content: A threat actor is advertising a range of cybercrime tools and services including RDP access, SMTP senders, bulletproof cPanel hosting, phishing/scam pages, cookies, links, attachments, and credential verifiers. The seller directs interested buyers to a Telegram channel for further details. No specific victim organization is identified.
Date: 2026-05-19T11:45:34Z
Network: openweb
Published URL: https://crackingx.com/threads/75762/
Screenshots:
None
Threat Actors: stroxshop_tools
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 6.5K Mixed Email/Password Credentials
Category: Combo List
Content: A threat actor shared a mixed combolist containing approximately 6,500 email and password pairs via an external file-sharing link. The credentials appear to be sourced from multiple origins with no specific victim organization identified.
Date: 2026-05-19T11:45:23Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Mixed-6-5K-Email-Pass–189128
Screenshots:
None
Threat Actors: zubicks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hack Pack 2026 cybersecurity tool collection
Category: Malware
Content: A forum user is distributing a collection of tools marketed as Hack Pack 2026, described as cybersecurity testing and hacking utilities. The post includes a VirusTotal scan result and a download link, suggesting the bundle contains executable or script-based tools. Such packages distributed on cracking forums typically contain offensive security tools, malware, or dual-use utilities.
Date: 2026-05-19T11:45:15Z
Network: openweb
Published URL: https://crackingx.com/threads/75766/
Screenshots:
None
Threat Actors: sophia01
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed credential combo list with 3,317 entries
Category: Combo List
Content: A threat actor is offering a mixed combo list containing 3,317 credential pairs, marketed as fresh. The list is available via a public paste link and a Telegram channel, with tiered paid access options also advertised.
Date: 2026-05-19T11:44:23Z
Network: openweb
Published URL: https://crackingx.com/threads/75759/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 3 million corporate combo list
Category: Combo List
Content: A threat actor is offering a combo list advertised as containing 3 million corporate credentials via a cracking forum and Telegram channel. The post directs interested parties to contact the seller on Telegram or join free combo/program distribution groups. No specific victim organization or breach source is identified.
Date: 2026-05-19T11:44:04Z
Network: openweb
Published URL: https://crackingx.com/threads/75763/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Browser stealth exfiltration technique using deprecated link prerender to bypass CSP and DevTools
Category: Vulnerability
Content: A forum post describes a technique using the deprecated HTML link rel=prerender element in Chromium-based browsers to send covert HTTP GET requests that bypass Content Security Policy controls, do not appear in DevTools Network tab, and omit Sec-Fetch-Dest headers. The author presents this as a potential exfiltration primitive, noting the request is processed via the browsers speculative navigation pipeline rather than the subresource pipeline. A proof-of-concept JavaScript function and live
Date: 2026-05-19T11:43:57Z
Network: openweb
Published URL: https://tier1.life/thread/245
Screenshots:
None
Threat Actors: RedQueen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of US car insurance data exposing 44 million records
Category: Data Breach
Content: A threat actor is offering for sale a dataset purportedly containing 44 million lines of US car insurance data in CSV format. The sample records include full names, home addresses, phone numbers, vehicle details (make, model, year), and VINs. The seller is directing buyers to a Telegram channel for purchase.
Date: 2026-05-19T11:43:47Z
Network: openweb
Published URL: https://breachforums.rs/Thread-44M-lines-USA-Car-Insurance-data
Screenshots:
None
Threat Actors: Goldyy
Victim Country: United States
Victim Industry: Insurance
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak search engine indexing multiple databases including Discord, Facebook, and Free.fr
Category: Data Leak
Content: A forum post shares a free search engine at oathnet.org allegedly indexing a 16 billion record database compilation along with data from Discord, Facebook, and Free.fr. The post provides no further detail about the origin or contents of the datasets. The search engine appears to allow querying of leaked credential and personal data records.
Date: 2026-05-19T11:41:54Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-16B-Leak-Discord-Facebook-Free-fr-DBs-Search-Engine
Screenshots:
None
Threat Actors: gezouzmaster
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: oathnet.org - Sale of fresh mixed email access combo list (Hotmail and others)
Category: Combo List
Content: A threat actor is selling a subscription-based combo list service offering fresh mixed mail access credentials, including Hotmail and other providers. Subscriptions are priced from $10 for a 3-day trial to $45 for one month. The seller claims the lines are private and deduplicated.
Date: 2026-05-19T11:41:01Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%98%81%EF%B8%8F-mk2-cloud-fresh-mix-mail-access-full-private-%F0%9F%92%8E-303936
Screenshots:
None
Threat Actors: mk2clode
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Taiwans Psychological Warfare Group exposing 6 million citizen records
Category: Data Breach
Content: A threat actor is selling an alleged internal database purportedly originating from Taiwans Psychological Warfare Group, claiming over 6 million Taiwanese resident records. The dataset reportedly includes national ID numbers, household addresses, phone numbers, email addresses, family relationships, partial military/employment records, and credit background data. The seller is offering the full SQL and CSV export for 4.8 BTC and claims three sample batches have been verified.
Date: 2026-05-19T11:40:45Z
Network: openweb
Published URL: https://xforums.st/threads/exclusive-leak-taiwans-psychological-warfare-group-6-million-citizen-records.615491/
Screenshots:
None
Threat Actors: yamadat0m99
Victim Country: Taiwan
Victim Industry: Government
Victim Organization: Taiwan Psychological Warfare Group
Victim Site: Unknown - Combo List: Hotmail Premium Credential Hits
Category: Combo List
Content: A forum user shared a set of 203 credential hits marketed as Hotmail Premium on a combolist forum. The content is hidden behind a registration/login gate. No specific breach victim or organization is identified.
Date: 2026-05-19T11:40:41Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%93%8C203x-hotmail-premium-hits%F0%9F%93%8C
Screenshots:
None
Threat Actors: Psyho70244
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 100 Hotmail mail access credentials. The content is hidden behind a registration or login wall, with engagement incentivized by a like request.
Date: 2026-05-19T11:40:10Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-0-1k-hotmail-mail-access-%E2%9C%85-303983
Screenshots:
None
Threat Actors: D47
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Chrome Extension Detection Technique via Silent Object Tag
Category: Alert
Content: A forum post describes a technique for silently detecting installed Chrome extensions by probing chrome-extension:// URLs using an HTML tag, which suppresses console errors unlike fetch or image-based probing. The method allows a web page to infer which browser extensions a user has installed without generating visible DevTools noise. This is presented as an educational/research article with potential use in fingerprinting or evasion contexts.
Date: 2026-05-19T11:38:30Z
Network: openweb
Published URL: https://tier1.life/thread/246
Screenshots:
None
Threat Actors: RedQueen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mix email combo list with 5,280 credentials shared
Category: Combo List
Content: A threat actor shared a mixed email and password combo list containing approximately 5,280 credentials on a public forum. The content is gated behind registration or login. No specific victim organization or targeted service is identified.
Date: 2026-05-19T11:37:58Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-5280x-MIX-MAIL
Screenshots:
None
Threat Actors: NotSellerXd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free release of 70K mixed domain combo list
Category: Combo List
Content: A threat actor shared a mixed-domain combo list containing approximately 70,000 credentials, marketed as fresh. The content is gated behind forum registration or login and was distributed for free.
Date: 2026-05-19T11:36:36Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%9A%A1-70K-Mixed-Domin-%E2%9A%A1-Fresh-%E2%9A%A1-By-Venn0m
Screenshots:
None
Threat Actors: HOTMAILPR0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List for Hotmail Credentials (25,000 Records)
Category: Combo List
Content: A threat actor is sharing a combo list reportedly containing 25,000 unique Hotmail credentials on a leak forum. The content is hidden behind a registration or login wall. This post represents a credential stuffing resource, not a breach of Hotmail or Microsoft infrastructure.
Date: 2026-05-19T11:36:05Z
Network: openweb
Published URL: https://leakforum.io/Thread-Hotmail-Unique-Combo-3-25000–20943
Screenshots:
None
Threat Actors: UniqueComb
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of crypto wallet checker and brute-force cracking tool
Category: Combo List
Content: A forum member is offering a crypto wallet checker and brute-force cracking tool as hidden content requiring registration or login to access. The tool appears designed for credential stuffing or brute-forcing cryptocurrency wallet accounts. No specific victim organization or dataset details are provided in the post.
Date: 2026-05-19T11:35:22Z
Network: openweb
Published URL: https://leakforum.io/Thread-Cracked-crypto-wallet-checker-brute-crack
Screenshots:
None
Threat Actors: stak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting Hotmail with 25,000 credentials
Category: Logs
Content: A combo list containing 25,000 credentials marketed for use against Hotmail accounts was shared on the forum. The post appears to offer the list as a free release based on the forum context. No additional details about data origin or freshness were provided.
Date: 2026-05-19T11:34:03Z
Network: openweb
Published URL: https://xforums.st/threads/hotmail-unique-combo_2_25000.615488/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Request for email account creation bypass methods
Category: Chatter
Content: A forum user is requesting tips or methods to create email accounts on Outlook, Hotmail, and Gmail without triggering phone verification, SMS, QR code, or email verification requirements. This is a general inquiry post with no specific victim or threat content.
Date: 2026-05-19T11:33:32Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/f7ca525467d4738a0f6f
Screenshots:
None
Threat Actors: Lunar777 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Recruitment post for English-speaking carders
Category: Chatter
Content: A forum user on a carding-focused Dread subdread is recruiting four or five English-speaking individuals. No specific threat, victim, or operational details are provided.
Date: 2026-05-19T11:31:54Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/3174fe371297bcc38f61
Screenshots:
None
Threat Actors: forallworker 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Distribution of Cracked DeepNude 2.0 Premium Software
Category: Malware
Content: A forum user is distributing a cracked version of DeepNude 2.0 Premium, an AI-based image manipulation tool used to generate non-consensual nude imagery. The software is being shared as a free download on a cracking forum, requiring users to reply to access the hidden download link. The application requires .NET Framework 4 and is described as a crack of the original premium version.
Date: 2026-05-19T11:31:49Z
Network: openweb
Published URL: https://altenens.is/threads/deepnude-2-0-premium-cracked-2026.2942573/unread
Screenshots:
None
Threat Actors: ananalbzoor
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed domain combo list
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 27,000 mixed-domain credentials, marketed as high quality and fresh. The content is gated behind a reply or account upgrade requirement on the forum.
Date: 2026-05-19T11:31:29Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77069
Screenshots:
None
Threat Actors: Venom1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Trust Wallet balance scanner and validator tool supporting multiple blockchains
Category: Carding
Content: A threat actor is distributing a free Trust Wallet checker tool capable of validating wallet addresses, scanning balances across 50+ blockchains (BTC, ETH, BNB, SOL, and others), and filtering wallets by minimum USD balance. The tool also includes a wallet generator and displays real-time USD values via CoinGecko/CoinMarketCap APIs. Access to the tool requires a forum reply to unlock hidden download content.
Date: 2026-05-19T11:31:15Z
Network: openweb
Published URL: https://altenens.is/threads/locked-with-keyfree-trust-wallet-checker-wallet-validator-balance-scanner-btc-eth-bnb-sol-locked-with-key.2942612/unread
Screenshots:
None
Threat Actors: lionelme1011
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of corporate business combo list with 125K credentials
Category: Combo List
Content: A threat actor is sharing a combo list advertised as containing 125,000 corporate business credentials. The content is hidden behind a reply or account upgrade requirement. No specific victim organization or breach source is identified.
Date: 2026-05-19T11:30:54Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76884
Screenshots:
None
Threat Actors: SYCOSUNNY
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Steam account checker tool with inventory and wallet scanning
Category: Combo List
Content: A threat actor is distributing a free, multi-threaded Steam account checker that validates username:password combos and scans for game library contents, wallet balances, account creation dates, and Steam Guard status. The tool supports bulk checking of thousands of combos per hour and is marketed as proxyless. This is a credential-stuffing tool targeting Steam accounts, not a breach of Steam itself.
Date: 2026-05-19T11:30:49Z
Network: openweb
Published URL: https://altenens.is/threads/video-game-free-proxyless-steam-account-checker-login-validator-inventory-scanner-video-game.2942615/unread
Screenshots:
None
Threat Actors: lionelme1011
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of nopublik.com by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor identified as DimasHxR defaced a media-related subdirectory of nopublik.com, targeting the customer advertising section of the website. The attack was carried out as a single, non-mass defacement with no stated motive or team affiliation. Technical details regarding the server environment and exploitation method remain unknown.
Date: 2026-05-19T11:30:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925044
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Media
Victim Organization: Nopublik
Victim Site: nopublik.com - Combo List: Mixed credentials shared by D4rkNetHub
Category: Logs
Content: A threat actor operating as D4rkNetHub has shared a combo list of approximately 10,104 mixed credentials via cloud links on a forum. The content is gated behind registration, with no specific victim organization identified.
Date: 2026-05-19T11:30:25Z
Network: openweb
Published URL: https://xforums.st/threads/10-104-good-mixed-goods-d4rknethub-cloud-19-05-26.615492/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Spotify Premium Account Checker Tool
Category: Combo List
Content: A forum user shared a proxyless Spotify Premium account checker tool hosted on MEGA. The tool is designed to verify the validity of Spotify Premium credentials, likely for credential stuffing purposes.
Date: 2026-05-19T11:30:19Z
Network: openweb
Published URL: https://altenens.is/threads/spotify-premium-checker-proxyless.2942623/unread
Screenshots:
None
Threat Actors: lionelme1011
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Netflix credential checker tool
Category: Combo List
Content: A threat actor is sharing a proxyless Netflix credential-checking tool capable of 500–2000 checks per minute, hosted on MEGA. The tool is claimed to support Windows, Mac, and Linux operating systems.
Date: 2026-05-19T11:29:53Z
Network: openweb
Published URL: https://altenens.is/threads/netflix-checker-proxyless.2942625/unread
Screenshots:
None
Threat Actors: lionelme1011
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail inbox checker tool
Category: Combo List
Content: A forum user is sharing a proxyless Hotmail inbox checker tool, gated behind a reply requirement. This type of tool is used for credential stuffing or validating access to Hotmail/Outlook accounts.
Date: 2026-05-19T11:29:24Z
Network: openweb
Published URL: https://altenens.is/threads/hotmail-inbox-checker-proxyless.2942627/unread
Screenshots:
None
Threat Actors: lionelme1011
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of social media credential stuffing/brute-force tool for Windows
Category: Malware
Content: A threat actor is distributing a Windows-based tool claiming to perform automated password attacks against social media platforms including Instagram, Facebook, Twitter, and TikTok using a targets username or email. The tool is hosted on Mega.nz and marketed as capable of brute-forcing account access within approximately 30 minutes. The post includes a disclaimer for educational use only.
Date: 2026-05-19T11:29:00Z
Network: openweb
Published URL: https://altenens.is/threads/unlocked-first-ever-social-media-hacking-tool-for-windows-unlocked.2942634/unread
Screenshots:
None
Threat Actors: lionelme1011
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of domain admin access to Italian company SIAV SPA with access to 80+ customers
Category: Initial Access
Content: A threat actor is selling full Domain Admin access to SIAV SPA, an Italian company. The seller claims that exploitation of this access would also yield access to more than 80 of SIAV SPAs customers, significantly amplifying the potential impact of the compromise.
Date: 2026-05-19T11:28:55Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76941
Screenshots:
None
Threat Actors: SinobiFan
Victim Country: Italy
Victim Industry: Technology
Victim Organization: SIAV SPA
Victim Site: siav.it - Sale of Fortnite account checker tool
Category: Combo List
Content: A forum user shared a link to a proxyless account checker tool targeting Fortnite. The tool is designed for credential stuffing against Fortnite accounts. No specific victim organization or dataset is associated with this post.
Date: 2026-05-19T11:28:35Z
Network: openweb
Published URL: https://altenens.is/threads/fortnite-proxyless-checker.2942635/unread
Screenshots:
None
Threat Actors: lionelme1011
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of initial access to undisclosed South Korean Food & Beverage company via Cisco AnyConnect VPN
Category: Initial Access
Content: A threat actor is offering VPN access (Cisco AnyConnect) with Server Admin privileges to an undisclosed South Korean Food & Beverage company generating $5M–$10M in annual revenue. The compromised network consists of approximately 50 hosts and is protected by CrowdStrike Falcon EDR. The listing is advertised as verified within the last 48 hours and is available via a darknet marketplace.
Date: 2026-05-19T11:28:19Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77052
Screenshots:
None
Threat Actors: Toton
Victim Country: South Korea
Victim Industry: Food & Beverage
Victim Organization: Unknown
Victim Site: Unknown - Sale of crypto wallet checker and generator tool
Category: Carding
Content: A forum user shared a link to a crypto wallet checker and generator tool via Mega.nz. The post includes a disclaimer disclaiming responsibility for misuse. The tool appears intended for fraudulent cryptocurrency wallet access or generation.
Date: 2026-05-19T11:28:11Z
Network: openweb
Published URL: https://altenens.is/threads/crypto-wallet-checker-and-generator.2942636/unread
Screenshots:
None
Threat Actors: lionelme1011
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - SMS/Call reception service for physical numbers in Ukraine, Russia, and Kazakhstan
Category: Services
Content: A threat actor is offering SMS and call reception services using 500+ physical numbers based in Ukraine, Russia, and Kazakhstan, starting at $2 per SMS. The service appears designed to facilitate account verification bypass or anonymization for other threat actors.
Date: 2026-05-19T11:27:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-I-will-accept-SMS-calls-to-physical-numbers-in-the-countries-of-Ukraine-Russia-Kazah–77068
Screenshots:
None
Threat Actors: GFDGDGFDG4324g
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list of 27,000 mixed-domain credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 27,000 mixed-domain credentials via Pasteview. The post markets the credentials as high quality (HQ) valid pairs. No specific victim organization or breach source is identified.
Date: 2026-05-19T11:27:29Z
Network: openweb
Published URL: https://altenens.is/threads/27k-hq-mixed-domains-valids.2942575/unread
Screenshots:
None
Threat Actors: VegaM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Japan Mail Access Combo List (2.2K)
Category: Combo List
Content: A threat actor is sharing a combo list of 2,200 Japanese email credentials, marketed as fresh and valid as of May 19. Access requires a forum reply to view the hidden content.
Date: 2026-05-19T11:27:00Z
Network: openweb
Published URL: https://altenens.is/threads/2-2k-japan-fresh-valid-mail-access-19-05.2942633/unread
Screenshots:
None
Threat Actors: Megacloud
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 42,000 German email access credentials
Category: Logs
Content: A forum user is offering a list of 42,000 allegedly valid German email account credentials, dated May 19. Access to the download link requires forum registration.
Date: 2026-05-19T11:26:50Z
Network: openweb
Published URL: https://xforums.st/threads/42k-germany-just-valid-mail-access-19-05.615493/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Russian online store pxel.ru
Category: Data Breach
Content: A threat actor is offering an alleged database dump from Russian online store pxel.ru containing approximately 800,000 records in CSV-SQL format. Sample data includes usernames, hashed passwords with salts, email addresses, registration dates, and confirmation tokens. The data appears to originate from the sites user registration database.
Date: 2026-05-19T11:26:43Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76899
Screenshots:
None
Threat Actors: camillaDF
Victim Country: Russia
Victim Industry: Retail
Victim Organization: pxel.ru
Victim Site: pxel.ru - Sale of Ivory Coast identity documents including front, back, and selfie images
Category: Carding
Content: A threat actor is selling approximately 10,699 Ivory Coast identity documents comprising front and back ID card images along with selfie photos, totaling 2.10 GB across 32,009 files. The seller claims the data was discovered on an unidentified server and states the source website or organization is unknown. The data is offered at $5,000 for the full set or $1 per record.
Date: 2026-05-19T11:26:05Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76940
Screenshots:
None
Threat Actors: azrekx
Victim Country: Ivory Coast
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Forum chatter regarding undelivered darknet market package
Category: Chatter
Content: A user on the DarkNetMarkets forum is seeking advice about a package marked as delivered that was not found in their mailbox. The post does not contain specific threat content, malware, exploits, or stolen data. The content appears to be a darknet marketplace discussion about a shipping or delivery issue.
Date: 2026-05-19T11:25:51Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/a70726c4aeaa9534b2de
Screenshots:
None
Threat Actors: d0d0mop 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of alleged database of robotis.fr containing 100,000 records
Category: Data Breach
Content: A threat actor is offering for sale an alleged database dump from robotis.fr, a French e-commerce site, containing approximately 100,000 customer records. The dataset includes personally identifiable information such as names, email addresses, hashed passwords, birthdates, IP addresses, and business identifiers (SIRET/APE codes). The seller accepts escrow or middleman transactions.
Date: 2026-05-19T11:25:24Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76943
Screenshots:
None
Threat Actors: wizard
Victim Country: France
Victim Industry: Retail
Victim Organization: Robotis France
Victim Site: robotis.fr - Alleged data leak of Marcus & Millichap commercial real estate firm
Category: Data Leak
Content: A threat actor has freely shared an alleged database dump attributed to Marcus & Millichap, a commercial real estate investment company. The dataset contains approximately 20,000 records with fields including full name, title, mailing address, phone, fax, mobile, email, and additional CRM-style contact metadata. The data was made available via an external file-sharing link with the actor soliciting further database requests via Telegram.
Date: 2026-05-19T11:24:47Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76989
Screenshots:
None
Threat Actors: Hapcat
Victim Country: United States
Victim Industry: Real Estate
Victim Organization: Marcus & Millichap
Victim Site: marcusmillichap.com - Alleged data breach of Bitget.com with 9.3 million user phone records for sale
Category: Data Breach
Content: A threat actor is selling an alleged database of approximately 9.3 million Bitget user records, consisting solely of phone numbers spanning over 160 countries and collected between 2021 and 2026. The seller claims the data originates from an exclusive exploit and prices the full dataset at 300,000 USDT. The actor states they previously attempted responsible disclosure but received insufficient response, prompting the sale.
Date: 2026-05-19T11:24:01Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76994
Screenshots:
None
Threat Actors: xmbitget
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Bitget
Victim Site: bitget.com - Free distribution of UHQ ULP combo pack
Category: Combo List
Content: A threat actor distributed a UHQ ULP (URL:Login:Password) combo pack via a MediaFire download link. The post contains no details about the source, record count, or targeted services.
Date: 2026-05-19T11:23:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-ULP-PACK-UHQ-BY-DADAZONE-V2
Screenshots:
None
Threat Actors: mr_daadaa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - OSINT lookup service advertised on cybercrime forum
Category: Services
Content: A threat actor is advertising OpenSense, a commercial OSINT platform offering lookups by IP, email, Discord, GitHub, phone, and username. The service claims to surface leaked or exposed information and is marketed as the cheapest option on the market. No email or password is required for signup, and the operator claims no logs are kept.
Date: 2026-05-19T11:22:58Z
Network: openweb
Published URL: https://spear.cx/Thread-Source-Code-OpenSense-1-Cheapest-OSINT-Platform
Screenshots:
None
Threat Actors: cal
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Xia Fully Undetected DLL Stealer with Runtime and Scantime Evasion
Category: Malware
Content: A threat actor is selling a DLL-based information stealer named Xia on a darknet forum, advertised as fully undetected at both scan time and runtime. The stealer leverages DLL sideloading, DPAPI credential decryption, crypto wallet harvesting, UAC bypass, Ring-3 rootkit capabilities, persistence, and anti-VM/anti-debug evasion. It targets Chromium and Firefox browsers for cookies, login credentials, credit cards, and autofill data, and supports Discord webhook exfiltration.
Date: 2026-05-19T11:22:53Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76876
Screenshots:
None
Threat Actors: kandricklamar
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of stealer logs (4.39 GB)
Category: Logs
Content: A threat actor posted a 4.39 GB collection of stealer logs on a cracking forum. The post was made under a Logs section and attributed to the channel SunCloudNew. No further details about the victim population or log source are available.
Date: 2026-05-19T11:22:44Z
Network: openweb
Published URL: https://cracked.st/Thread-%EF%BD%A2-Logs-%EF%BD%A3-SunCloudNew-%EF%BD%A2-4-39-GB%EF%BD%A3
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of multi-vector exploitation framework with 55+ CVEs
Category: Vulnerability
Content: A threat actor is selling PHANTOMsCVEs v3.0, a private multi-vector exploitation framework claiming to integrate 55+ CVEs from 2024–2026. The tool reportedly supports automated target enumeration, WAF bypass, database extraction, and OSINT integration across a wide range of platforms including web servers, container orchestration systems, CMS platforms, and databases. The seller is advertising via Telegram.
Date: 2026-05-19T11:22:19Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76897
Screenshots:
None
Threat Actors: See_u_Soon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Shopping combo list of 2.2 million credentials
Category: Combo List
Content: A threat actor operating under the alias MetaCloud3 is distributing a combo list of approximately 2.2 million email:password credentials marketed as private data with high hit rates against shopping platforms. The post is dated May 18, 2026 and references additional information in the authors forum signature.
Date: 2026-05-19T11:22:13Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-2-2M-%E3%80%8D%E2%9A%A1-SHOPPING-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1GOOD-QUALITY-AND-MANY-HITS%E2%9A%A1-18-05-26%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Hotmail combo list of 34 million credentials freely shared
Category: Combo List
Content: A threat actor has shared a combo list advertised as containing 34 million Hotmail credentials, marketed as freshly checked and AntiPublic verified. The list is distributed freely and is likely intended for credential stuffing against Hotmail/Outlook accounts. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-19T11:21:52Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8-34M-Hotmail-Combolist-1-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
Screenshots:
None
Threat Actors: RogenPlay
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Mackay Memorial Hospital
Category: Data Breach
Content: Threat actor MDGhost666, affiliated with BlackH4t, claims to have exfiltrated approximately 1.2TB of data from Mackay Memorial Hospital and its affiliated branches across Taiwan. Sample data includes highly sensitive patient records with fields for patient name, date of birth, sex, national ID, phone number, address, lab test results, and clinical data. The leak reportedly covers multiple hospital branches including Taipei, Tamsui, Hsinchu, Taitung, and MacKay Childrens Hospital.
Date: 2026-05-19T11:21:30Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76946
Screenshots:
None
Threat Actors: MDGhost666
Victim Country: Taiwan
Victim Industry: Healthcare
Victim Organization: Mackay Memorial Hospital
Victim Site: mmh.org.tw - Sale of Instagram combo list with 9 million credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 9 million Instagram credentials, marketed as freshly checked and AntiPublic verified. The post is sponsored by RogenCloud and includes a download link. Instagram is the credential-stuffing target, not the breach source.
Date: 2026-05-19T11:21:24Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8-9M-Instagram-Combolist-1-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
Screenshots:
None
Threat Actors: RogenPlay
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of mixed credentials with reported hits
Category: Combo List
Content: A threat actor on Cracked.st has shared a mixed combo list containing 10,104 email:password pairs, marketed as having verified hits as of May 26, 2019. The post includes an external image link, likely a screenshot of the credentials or hit results.
Date: 2026-05-19T11:21:05Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-10-104-Good-MIXED-GOODS-19-05-26
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Telekom Srbija
Category: Data Breach
Content: A threat actor operating under the alias MDGhost666 claims to have breached Telekom Srbija and obtained a database of 72 million customer records spanning 2025–2026. The leaked data allegedly includes full names, national ID numbers (JMBG), addresses, phone numbers, service installation details, and subscriber package information. Sample records with Serbian citizen data were shared in the post to substantiate the claim.
Date: 2026-05-19T11:20:52Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76972
Screenshots:
None
Threat Actors: MDGhost666
Victim Country: Serbia
Victim Industry: Telecommunications
Victim Organization: Telekom Srbija
Victim Site: telekom.rs - Sale of Europa mix combo list with 19,654 credentials
Category: Combo List
Content: A threat actor is sharing a private European mix combo list containing 19,654 email:password pairs on a cracking forum. The list is labeled Full Access (FA), suggesting credentials with complete account access. No specific victim organization or service is identified.
Date: 2026-05-19T11:20:47Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-19-654-Private-FA-Europa-Mix-Combo
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mixed email combo list with 20,035 credentials
Category: Combo List
Content: A threat actor shared a mixed email:password combo list containing 20,035 credentials. The list is marketed for mail access and credential stuffing purposes. No specific victim organization or breach source is identified.
Date: 2026-05-19T11:20:22Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-20-035-mixed-Combolist-Mail-Pass-Mail-Access
Screenshots:
None
Threat Actors: GirlCrew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Wanted: SMTP service access for bulk email providers
Category: Phishing
Content: A forum user is soliciting access to SMTP accounts or credentials for major email delivery platforms including AWS SES, SendGrid, SparkPost, Mailjet, Brevo, and Postmark. Such access is commonly sought for spam or phishing campaigns. The user provided a Telegram contact for transactions.
Date: 2026-05-19T11:20:11Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76990
Screenshots:
None
Threat Actors: gf4d4g4f
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged combo list of 28,328 email credentials with full access
Category: Combo List
Content: A combo list of 28,328 email credentials advertised as private full-access mail combos was shared on a public forum. The post is categorized as a combo list intended for credential stuffing or account takeover. No specific victim organization or breach source was identified.
Date: 2026-05-19T11:19:58Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-28-328-Private-FA-Mail-Access-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of Hotmail credentials shared on cracking forum
Category: Combo List
Content: A threat actor distributed a combo list of 1,511 Hotmail credentials marketed as premium valid hits. The post advertises mixed email formats and private cloud access, with contact via Telegram.
Date: 2026-05-19T11:19:40Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1511x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: Alphaaaxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Delko.fr
Category: Data Breach
Content: A threat actor is selling an alleged database from Delko.fr, claimed to contain 3.1 million records and dated to this month. The seller is offering the data for $250–$300 and provides a sample via an anonymous file-sharing link. Contact is facilitated through Telegram.
Date: 2026-05-19T11:19:33Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77005
Screenshots:
None
Threat Actors: ARPANET744
Victim Country: France
Victim Industry: Unknown
Victim Organization: Delko
Victim Site: delko.fr - Disney+ credential combo list with 3 million entries
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 3 million email and password pairs marketed for use against Disney+. The post claims the credentials are private and of good quality with many valid hits. Disney+ is the credential-stuffing target, not the source of the breach.
Date: 2026-05-19T11:19:23Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-3M-%E3%80%8D%E2%9A%A1-DISNEY-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1GOOD-QUALITY-AND-MANY-HITS%E2%9A%A1-18-05-26%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: 15K Mixed Mail Access Credentials
Category: Combo List
Content: A combo list containing approximately 15,000 mixed mail access credentials was shared on a cracking forum. No additional details about the source, composition, or verification status of the credentials are available.
Date: 2026-05-19T11:18:59Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%9015K-MIXED-MAIL-ACCESS-%E2%AD%90–2096185
Screenshots:
None
Threat Actors: Posts
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Nirvasa (nirvasa.com) exposing 3.5 million Indian healthcare platform users
Category: Data Breach
Content: A threat actor is selling an alleged database dump from Nirvasa, a digital primary care platform based in India, containing approximately 3.5 million user records with fields including first name, last name, telephone, email, pincode, address, and internal API metadata. The dataset is claimed to be relevant from 2024 to 2026, with approximately 2.925 million unique telephone numbers, and is offered for $600 via Telegram.
Date: 2026-05-19T11:18:55Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77016
Screenshots:
None
Threat Actors: Masterbyte
Victim Country: India
Victim Industry: Healthcare
Victim Organization: Nirvasa
Victim Site: nirvasa.com - Alleged combo list of 12,157 European credentials
Category: Combo List
Content: A threat actor shared a combo list advertised as containing 12,157 private email:password credential pairs targeting European accounts. The post is categorized as a full-access (FA) combolist, likely intended for credential stuffing. No specific victim organization or service is identified.
Date: 2026-05-19T11:18:36Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-12-157-Private-FA-Combolist-Europa-Good
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - European mixed combo list with 13,090 credentials
Category: Combo List
Content: A combo list containing approximately 13,090 email:password pairs from multiple European countries (Germany, France, Italy, Netherlands, Spain, Poland, and others) was shared on a cracking forum. The credentials are mixed and sourced from various breaches across the region.
Date: 2026-05-19T11:18:16Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-13-090-mixed-Europa-Mix-Combos-de-fr-it-nl-es-pl-etc
Screenshots:
None
Threat Actors: GirlCrew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of Romanian national population database with government data
Category: Data Breach
Content: A threat actor is offering for sale an alleged database containing personal data of approximately 20 million Romanian individuals, described as private government data. The dataset reportedly includes SSNs, phone numbers, emails, full names, dates of birth, and addresses. The seller claims to also offer access to the underlying software panel and associated infrastructure, and is accepting Monero payments via escrow only.
Date: 2026-05-19T11:18:05Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77017
Screenshots:
None
Threat Actors: neat
Victim Country: Romania
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Combo List: Mixed European Credentials for Credential Stuffing
Category: Combo List
Content: A threat actor shared a mixed European combo list containing 14,314 email:password pairs. The list is advertised as suitable for credential stuffing against mixed targets. No specific victim organization or breach source is identified.
Date: 2026-05-19T11:17:57Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-14-314-mixed-Combolist-Europa-Good-For-Mixed-Target
Screenshots:
None
Threat Actors: GirlCrew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of Hotmail credentials freely shared
Category: Combo List
Content: A threat actor has publicly shared approximately 1,500 Hotmail email:password credentials on a cracking forum. The post claims the data was first distributed in private closed groups 4–7 days prior to public release. The credentials are marketed as mail access combos.
Date: 2026-05-19T11:17:26Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9D%97%EF%B8%8F1-5k-HOTMAIL-MAIL-ACCESS%E2%9D%97%EF%B8%8F-18-05
Screenshots:
None
Threat Actors: SecureTrax
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of URL:Log:Pass credential cloud service with claimed 12 billion records
Category: Logs
Content: A threat actor operating under the name Plutonium is selling subscription-based access to a private URL:Log:Pass credential cloud service, claiming an antipublic database of approximately 12 billion records with up to 500 million new lines added monthly. The service is priced from $350/month to $5,000 lifetime and is advertised as sourced from paid logs, leaked logs, and private traffic. The seller claims the dataset is deduplicated, normalized, and includes credentials that are effective agai
Date: 2026-05-19T11:17:14Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77026
Screenshots:
None
Threat Actors: Seaborg_p
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of LegacyRAT Android Remote Access Trojan with Source Code
Category: Malware
Content: A threat actor operating as CrazyTeam is offering LegacyRAT, a private Android RAT, for rent or full source code purchase on a cracking forum. The malware supports VNC, HVNC, SMS interception, notification hijacking, and is advertised as capable of bypassing Google Play Protect and bank detection mechanisms on Android 7 through 16. Pricing ranges from $200 for a one-day demo to $4,200 for full source code.
Date: 2026-05-19T11:16:49Z
Network: openweb
Published URL: https://cracked.st/Thread-LegacyRAT-Private-RAT-for-Rent-Source-Codes-Sale
Screenshots:
None
Threat Actors: CrazyTeam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of credentials and access to Wifaq ul Madaris Pakistan
Category: Initial Access
Content: A threat actor is offering for sale credentials and access to Wifaq ul Madaris, a Pakistani madrasa education network. The seller is advertising contact via qTox, suggesting a private negotiation for the access. No further details regarding the scope or method of compromise were provided.
Date: 2026-05-19T11:16:25Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77050
Screenshots:
None
Threat Actors: Jon1234
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: Wifaq ul Madaris
Victim Site: Unknown - Facebook Ad Account Unbanning Service Offered on Cracked Forum
Category: Services
Content: A forum user is offering a service to unban Facebook ad accounts, claiming a turnaround time of 1-4 days. Pricing starts at $1,400 USD with middleman or 50-50 payment options available.
Date: 2026-05-19T11:16:21Z
Network: openweb
Published URL: https://cracked.st/Thread-UNBAN-FACEBOOK-AD-ACCOUNTS-REALISTIC-TAT-AND-ASSURED-RESULT
Screenshots:
None
Threat Actors: Dil8ert
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Yamm.sa
Category: Data Breach
Content: A threat actor identified as @888 claims to have breached Yamm.sa, a Saudi e-commerce refund platform, in July 2025, exposing approximately 46,000 rows of order and customer data. The leaked dataset includes customer names, phone numbers, order details, refund amounts, payment methods, and shipment information. A sample of the data has been shared on the forum.
Date: 2026-05-19T11:16:14Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Yamm-sa-leak
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: Saudi Arabia
Victim Industry: Retail
Victim Organization: Yamm
Victim Site: yamm.sa - Alleged data breach of Gastroenterology & Hepatology of CNY, P.C.
Category: Data Breach
Content: A threat actor is selling a database allegedly exfiltrated from Gastroenterology & Hepatology of CNY, P.C. and its affiliated Digestive Disease Center of CNY, LLC, both based in Syracuse, New York. The dataset purportedly contains 167,303 patient records including SSNs, addresses, phone numbers, emails, ICD-10 diagnoses, medications, and pathology reports, with 46,181 patients flagged for sensitive diagnoses including mental health, substance use, STIs, cancer, and Hepatitis C. The seller claims
Date: 2026-05-19T11:15:09Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76879
Screenshots:
None
Threat Actors: ERC
Victim Country: United States
Victim Industry: Healthcare
Victim Organization: Gastroenterology & Hepatology of CNY, P.C.
Victim Site: gandhofcny.com - Sale of alleged large-scale French multi-organization database compilation (2010-2026)
Category: Data Breach
Content: A threat actor operating as ShiroXMR is offering for sale an alleged compilation of databases from dozens of French organizations spanning 2010 to 2026, priced at $5,000 in cryptocurrency. The compilation purportedly includes data from government agencies (Ministry of Interior, FranceConnect, ANTS, CAF, CPAM, URSSAF), healthcare entities (Viamedis, Almerys, CNAM, Cegedim Santé), major telecoms (Orange, SFR, Free, Bouygues), financial records (FICOBA/DGFiP), and numerous retail, transportation,
Date: 2026-05-19T11:14:29Z
Network: openweb
Published URL: https://breached.st/threads/france-database-2010-2026-compil.87359/unread
Screenshots:
None
Threat Actors: near2tlg
Victim Country: France
Victim Industry: Government
Victim Organization: Multiple French Organizations
Victim Site: Unknown - Alleged data leak of Bolivian National Police technology directorate (DNTT)
Category: Data Leak
Content: A hacktivist actor identified as Risesociety claims to have leaked 21GB of data from the Bolivian National Polices Directorate of Technology and Telematics (DNTT). The leak is framed as a protest against corruption within Bolivias police force and prison system. The data has been made available via a Telegram channel.
Date: 2026-05-19T11:14:18Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76880
Screenshots:
None
Threat Actors: Risesociety
Victim Country: Bolivia
Victim Industry: Government
Victim Organization: Direccion Nacional de Tecnologia y Telematica (Bolivian National Police)
Victim Site: Unknown - Alleged data breach of University of Guelma seminar management system via SQL injection
Category: Data Breach
Content: A threat actor claims to have exploited a SQL injection vulnerability in the seminar management application of the University of Guelma, Algeria, resulting in unauthorized access to the backend database. The exposed data reportedly includes user credentials, personal information, and seminar registration details. A download link for the exfiltrated data is provided in the post.
Date: 2026-05-19T11:13:38Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76894
Screenshots:
None
Threat Actors: Dzsecurity
Victim Country: Algeria
Victim Industry: Education
Victim Organization: University of Guelma
Victim Site: apps.univ-guelma.dz - Alleged data leak of fvgfl.com by Cyber Team Indonesia
Category: Data Leak
Content: A threat actor operating under the alias MR ELANG XPLOIT, affiliated with Cyber Team Indonesia, claims to have leaked a database from fvgfl.com, a financial valuation firm. The alleged database dump has been made available via a MediaFire download link. No record count or specific data fields were disclosed in the post.
Date: 2026-05-19T11:13:28Z
Network: openweb
Published URL: https://breached.st/threads/leaks-database-financial-valuation.87361/unread
Screenshots:
None
Threat Actors: MR ELANG XPLOIT
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Financial Valuation Group
Victim Site: fvgfl.com - Alleged data leak of Tuban Regency population database
Category: Data Leak
Content: A threat actor using the alias Jax7 has freely distributed what is claimed to be a population database belonging to Tuban Regency, Indonesia. The data is shared in PDF format via Google Drive. No record count is specified in the post.
Date: 2026-05-19T11:13:07Z
Network: openweb
Published URL: https://breached.st/threads/database-penduduk-kabupaten-tuban.87362/unread
Screenshots:
None
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Kabupaten Tuban (Tuban Regency)
Victim Site: Unknown - Alleged data leak of Watiqa.ma — Moroccan Government Civil Documents Platform
Category: Data Leak
Content: A threat actor operating under the alias Jabaroot has freely released a full database dump from Watiqa.ma, the Moroccan governments official electronic platform for civil status documents. The dataset reportedly contains 695,402 records including full names, parental names, dates of birth, email addresses, phone numbers, residential addresses, birth certificate numbers, and civil registry office details, as well as apparent administrative user records. The dump is dated May 2026 and distribut
Date: 2026-05-19T11:12:57Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Watiqa-ma-%E2%80%93-Moroccan-Government-Civil-Documents-Platform-%E2%80%93-695-402-Records
Screenshots:
None
Threat Actors: macaroni
Victim Country: Morocco
Victim Industry: Government
Victim Organization: Watiqa.ma — Moroccan Government Civil Status Documents Platform
Victim Site: watiqa.ma - Alleged data leak of Skalki (Poland)
Category: Data Leak
Content: A threat actor operating under the alias Barz172, associated with Digital Storm Sec, leaked data allegedly belonging to a Polish entity called Skalki. The leaked data includes hashed passwords, IP addresses, and usernames. The data was made available publicly on a darknet forum.
Date: 2026-05-19T11:12:49Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77064
Screenshots:
None
Threat Actors: Barz172
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Skalki
Victim Site: Unknown - Alleged data breach of SIPGAN Magelang government portal
Category: Data Breach
Content: A threat actor posted an alleged database dump from sipgan.magelang.go.id, an Indonesian government employee portal for the Magelang region. The post includes a sample of the data. Record count and further details are not specified in the post.
Date: 2026-05-19T11:12:25Z
Network: openweb
Published URL: https://breached.st/threads/database-pegawai-sipgan-magelang-go-id.87363/unread
Screenshots:
None
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: SIPGAN Magelang
Victim Site: sipgan.magelang.go.id - Alleged data breach of Sipgan Magelang government employee database
Category: Data Breach
Content: A Breachforums user (JAX7) has posted a thread disclosing a database breach involving employee records from Sipgan Magelang (sipgan.magelang.go.id), an Indonesian government institution. The breach details are shared publicly on Breachforums.
Date: 2026-05-19T11:04:02Z
Network: telegram
Published URL: https://t.me/byjax7/830
Screenshots:
None
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Sipgan Magelang
Victim Site: sipgan.magelang.go.id - Alleged leak of working SMTP credentials
Category: Logs
Content: A threat actor shared a file containing 323 lines of working SMTP credentials, including email addresses, passwords, and SMTP server details for multiple domains. The data appears to be harvested from various organizations and is being distributed freely on the forum.
Date: 2026-05-19T10:59:17Z
Network: openweb
Published URL: https://xforums.st/threads/workingsmtps-logs-by-x-forums.615477/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of MCM-24 by DimasHxR
Category: Defacement
Content: On May 19, 2026, the German e-commerce website mcm-24.de was defaced by a threat actor known as DimasHxR. The defacement targeted a subdirectory within the sites media/customer assets path, suggesting exploitation of a vulnerable file upload or web application component. The incident was a targeted single-site defacement with no team affiliation reported.
Date: 2026-05-19T10:56:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925005
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: E-Commerce / Retail
Victim Organization: MCM-24
Victim Site: mcm-24.de - Free sharing of working SMTP credentials list
Category: Logs
Content: A threat actor has freely shared a file containing 445 working SMTP credentials, including email addresses, passwords, server hostnames, and ports. The credentials span multiple domains and organizations across various countries. The file is described as verified working SMTP access entries.
Date: 2026-05-19T10:46:42Z
Network: openweb
Published URL: https://xforums.st/threads/workingsmtps-detailed-2-logs-by-x-forums.615478/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Parfuemerie Monheim by DimasHxR
Category: Defacement
Content: On May 19, 2026, the attacker known as DimasHxR defaced a media directory page on the website of Parfuemerie Monheim, a German perfumery retailer. The incident was a targeted single-site defacement with no team affiliation reported. No specific motive or server details were disclosed.
Date: 2026-05-19T10:39:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925002
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail – Cosmetics & Fragrance
Victim Organization: Parfuemerie Monheim
Victim Site: parfuemerie-monheim.eu - Free distribution of working SMTP credential logs
Category: Logs
Content: A threat actor has freely distributed a text file containing 376 working SMTP credentials across multiple email providers and domains. The file includes SMTP server addresses, ports, email addresses, and plaintext passwords, described as verified successful logins. The content spans multiple countries and providers including btinternet.com and several Japanese mail servers.
Date: 2026-05-19T10:39:07Z
Network: openweb
Published URL: https://xforums.st/threads/workingsmtps-detailed-3-logs-by-x-forums.615479/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Parfuemerie Harbeck by DimasHxR
Category: Defacement
Content: On May 19, 2026, the attacker known as DimasHxR defaced a page on the German perfumery retailer Parfuemerie Harbecks website. The incident was a targeted single-page defacement, not involving mass or home page compromise. No team affiliation, specific motivation, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-19T10:36:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925001
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail – Cosmetics and Perfumery
Victim Organization: Parfuemerie Harbeck
Victim Site: www.parfuemerie-harbeck.de - Leaked SMTP credentials list with 354 working email accounts
Category: Combo List
Content: A threat actor distributed a file containing 354 working SMTP credentials, including email addresses, ports, usernames, and plaintext passwords sourced from multiple domains across various countries. The credentials are marketed as verified working SMTP accounts. The dataset was shared freely on the forum and is also available via a Telegram backup channel.
Date: 2026-05-19T10:28:42Z
Network: openweb
Published URL: https://xforums.st/threads/workingsmtps-detailed-4-logs-by-x-forums.615480/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged SQL Injection Vulnerability in SMK Negeri 1 Banjaragung School Web Application
Category: Vulnerability
Content: A SQL injection (SQLi) vulnerability has been disclosed in the API/JSON endpoint of the web application hosted at https://app.smkn1banjaragung.sch.id. The vulnerability is described as mentah (raw/unpatched). Posted by Mr.SonicX from TEGAL CYBER TEAM.
Date: 2026-05-19T10:26:21Z
Network: telegram
Published URL: https://t.me/c/3528849141/314
Screenshots:
None
Threat Actors: Mr.SonicX
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMK Negeri 1 Banjaragung
Victim Site: smkn1banjaragung.sch.id - Website Defacement of linhdan27.id.vn by YIIX103
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the handle YIIX103 defaced the website linhdan27.id.vn, a Vietnamese domain. The attack targeted a specific PHP page (yo.php) and was neither a mass nor a home page defacement. No team affiliation, motive, or server details were disclosed in connection with this incident.
Date: 2026-05-19T10:18:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/925000
Screenshots:
None
Threat Actors: YIIX103
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Linh Dan
Victim Site: linhdan27.id.vn - Leak of working SMTP credentials with email and password combinations
Category: Logs
Content: A threat actor distributed a file containing 323 lines of working SMTP credentials, including server hostnames, ports, email addresses, and plaintext passwords. The credentials span multiple organizations and domains, each marked as successfully authenticated. The dataset was made available for free download on a cybercrime forum.
Date: 2026-05-19T10:13:41Z
Network: openweb
Published URL: https://xforums.st/threads/workingsmtps-detailed-logs-by-x-forums.615481/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of ULP combo list with 3.4 million email/password pairs
Category: Combo List
Content: A combo list titled ULP (6) containing approximately 3.4 million email/password pairs has been freely distributed on XForums. The dataset spans multiple services and domains across various countries. The content is formatted as URL:login:password entries typical of stealer log or credential aggregation output.
Date: 2026-05-19T10:02:35Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-6-logs-by-x-forums.615482/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Western Union database
Category: Data Leak
Content: A threat actor on XF Forums is distributing a file labeled WU Database allegedly containing data associated with Western Union. The file is described as mixed data logs in HTML format, approximately 21.55 KB in size. No record count or specific data fields are disclosed in the post.
Date: 2026-05-19T09:55:13Z
Network: openweb
Published URL: https://xforums.st/threads/wu-database-by-x-forums.615483/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Western Union
Victim Site: westernunion.com - Combo List of Yahoo Email Credentials Shared on Forum
Category: Combo List
Content: A combo list containing 245,338 Yahoo email and password pairs has been freely shared on a forum. The file, named yahoo.txt, contains plaintext email:password credentials. This is a credential collection, not a breach of Yahoo.
Date: 2026-05-19T09:43:15Z
Network: openweb
Published URL: https://xforums.st/threads/yahoo-logs-by-x-forums.615484/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Kabupaten Tuban population database
Category: Data Breach
Content: A user named JAX7 has posted on Breachforums regarding a breach of the population database (database penduduk) for Kabupaten Tuban, an Indonesian regency. The breach details are shared publicly on the forum.
Date: 2026-05-19T09:36:49Z
Network: telegram
Published URL: https://t.me/byjax7/821
Screenshots:
None
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Kabupaten Tuban Government
Victim Site: Unknown - Sale of ULP logs containing username/password combos
Category: Logs
Content: A forum user shared a ULP (URL:Login:Password) log file containing over 3.2 million credential pairs across multiple services, including Zoom, Instagram, and ESET. The file spans 195.55 MB and was made available for download to registered forum members.
Date: 2026-05-19T09:31:00Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-9-logs-by-x-forums.615486/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged hacking services offering unauthorized access to email, social media, and financial accounts
Category: Cyber Attack
Content: User @sureciphern advertising hacking services including Telegram, mobile phones, websites, iCloud, Snapchat, email accounts, and stolen funds recovery. Also offering account rental services for Reddit and LinkedIn.
Date: 2026-05-19T09:28:37Z
Network: telegram
Published URL: https://t.me/c/2613583520/84824
Screenshots:
None
Threat Actors: sureciphern
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of stolen credit card data and credential combolists by Boss Shop
Category: Combo List
Content: Boss Shop advertises the sale of 100K+ fresh stolen credit card records daily, validated through authentication, with prices starting from $0.01. They also offer country-specific credential datasets (combolists) for Hotmail and various e-commerce platforms (eBay, Walmart, Amazon, Kleinanzeigen, Poshmark, Depop, Uber) across multiple regions (FR, IT, BR, UK, US, JP, PL, RU, ES, MX, CA, SP, SG). The operation includes a daily free giveaway of 10K cards and compensation guarantee if cards appear elsewhere.
Date: 2026-05-19T09:20:04Z
Network: telegram
Published URL: https://t.me/c/2613583520/84815
Screenshots:
None
Threat Actors: Boss Shop
Victim Country: Unknown
Victim Industry: Financial Services, E-commerce, Email Providers
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of RDP access and compromised cloud accounts
Category: Initial Access
Content: Threat actor PORTAL advertising rental of RDP access to Azure, AWS, and Digital Ocean infrastructure at $200 daily/monthly rates. Also offering compromised email accounts (domain mail, Gmail, Yahoo), GitHub Student accounts, ChatGPT Plus, Claude 20x, and ElevenLabs Creator Plan accounts. Services marketed as fresh with good IP and limited stock available. Escrow payment method offered.
Date: 2026-05-19T09:14:43Z
Network: telegram
Published URL: https://t.me/c/2613583520/84808
Screenshots:
None
Threat Actors: PORTAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mass Defacement of Indonesian Educational Institution by Ushiromiya
Category: Defacement
Content: On May 19, 2026, the threat actor Ushiromiya conducted a mass defacement attack targeting the computer-based testing (CBT) subdomain of an Indonesian educational institution, midupepelegi.sch.id. The attack was carried out on a Linux-based server and is classified as a mass defacement campaign, suggesting multiple sites were compromised simultaneously. The incident was archived and mirrored via haxor.id.
Date: 2026-05-19T08:58:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249397
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Midupepelegi School
Victim Site: cbt.midupepelegi.sch.id - Website defacement of SMKN 2 Simpang Empat by Ushiromiya
Category: Defacement
Content: On May 19, 2026, the threat actor Ushiromiya defaced the teacher portal of SMKN 2 Simpang Empat, an Indonesian vocational high school. The targeted subdomain (guru) is associated with the schools educator-facing web presence, hosted on a Linux server. The incident was a single targeted defacement, not classified as mass or redefacement.
Date: 2026-05-19T08:57:47Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249396
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMKN 2 Simpang Empat
Victim Site: guru.smkn2simpangempat.sch.id - Website defacement of MTsN 4 Kota Palu by Ushiromiya
Category: Defacement
Content: On May 19, 2026, a threat actor known as Ushiromiya defaced a subdomain of MTsN 4 Kota Palu, an Indonesian state Islamic junior high school. The attack targeted a Linux-based web server and was classified as a single, non-mass defacement. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-19T08:56:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249398
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTsN 4 Kota Palu (Madrasah Tsanawiyah Negeri 4 Kota Palu)
Victim Site: garuda.mtsn4kotapalu.sch.id - Website Defacement of MI Wachid Hasyim School by Ushiromiya
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the alias Ushiromiya defaced the Computer Based Test (CBT) subdomain of MI Wachid Hasyim, an Indonesian Islamic elementary school. The attack targeted a Linux-based web server and was a single targeted defacement rather than a mass or redefacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-19T08:50:18Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249394
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MI Wachid Hasyim School
Victim Site: cbt.miwachidhasyim.sch.id - Website Defacement of MAN 2 Aceh Utara by Ushiromiya
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the alias Ushiromiya defaced a subdomain of MAN 2 Aceh Utara, an Indonesian public Islamic high school located in North Aceh. The attack targeted a Linux-based web server and was a standalone, non-mass defacement. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-19T08:47:41Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249395
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MAN 2 Aceh Utara (Madrasah Aliyah Negeri 2 Aceh Utara)
Victim Site: gcbt.man2acehutara.sch.id - Alleged data breach of Aman Hospital Qatar by S-Root hacking group
Category: Data Breach
Content: Hacking group S-Root claims to have accessed and leaked approximately 12 GB of data from Aman private hospital in Doha, Qatar. The leaked data allegedly includes medical records, identity information, insurance data, and internal hospital system information. The data has been distributed online in segmented form. However, the authenticity of these claims and the validity of the published files have not been independently verified.
Date: 2026-05-19T08:42:03Z
Network: telegram
Published URL: https://t.me/c/1283513914/21819
Screenshots:
None
Threat Actors: S-Root
Victim Country: Qatar
Victim Industry: Healthcare
Victim Organization: Aman Hospital
Victim Site: Unknown - Alleged defacement of leepoet.com by C10F/X404
Category: Defacement
Content: Threat actor claiming defacement of leepoet.com website. Multiple URLs provided showing defaced pages (401-410, readme, defacer, dan, C10F pages). Attack attributed to C10F./X404 and DEFACER INDONESIAN TEAM.
Date: 2026-05-19T08:35:09Z
Network: telegram
Published URL: https://t.me/c/3755871403/532
Screenshots:
None
Threat Actors: C10F
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: leepoet.com
Victim Site: leepoet.com - Website Defacement of MrTech by DimasHxR
Category: Defacement
Content: On May 19, 2026, the threat actor DimasHxR defaced a page on the Mexican technology website mrtech.com.mx. The attacker targeted a specific subpage (b.html) rather than the homepage, indicating a targeted but limited-scope defacement. No team affiliation, stated motive, or technical details about the exploitation method were disclosed.
Date: 2026-05-19T08:30:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924996
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Mexico
Victim Industry: Technology
Victim Organization: MrTech
Victim Site: www.mrtech.com.mx - Website Defacement of anthonyfellow.com by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor identified as DimasHxR defaced a specific page (b.html) on anthonyfellow.com. The attack was a targeted single-page defacement, not part of a mass or redefacement campaign. The attacker operated without affiliation to a known team, and the motivation and server details remain unknown.
Date: 2026-05-19T08:24:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924995
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Anthony Fellow
Victim Site: anthonyfellow.com - Website Defacement of Coastal Edge Strategies by DimasHxR
Category: Defacement
Content: On May 19, 2026, the website of Coastal Edge Strategies was defaced by a threat actor known as DimasHxR operating independently without a team affiliation. The attack targeted a specific page rather than the homepage and was not part of a mass defacement campaign. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-19T08:22:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924994
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Consulting / Professional Services
Victim Organization: Coastal Edge Strategies
Victim Site: coastaledgestrategies.com - Website Defacement of Africa Kwaba Group by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor identified as DimasHxR defaced the website of Africa Kwaba Group, targeting a readme page on the domain. The attack was an individual defacement with no team affiliation, mass campaign, or prior redefacement noted. Technical details such as server software and exploited vulnerability remain unknown.
Date: 2026-05-19T08:21:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924993
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Finance / Business Services
Victim Organization: Africa Kwaba Group
Victim Site: africakwabagroup.com - Website Defacement of zsepi.pro by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the alias DimasHxR defaced the website zsepi.pro, targeting a specific page (b.html). The attacker acted independently without affiliation to a known group or team. Limited technical details are available regarding the server infrastructure or the motivation behind the attack.
Date: 2026-05-19T08:19:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924992
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: zsepi.pro - Alleged DDoS-as-a-Service Operation – Deepstresser 1.0.4 with SYN Bypass Methods
Category: Malware
Content: Deepstresser is advertising a DDoS-as-a-Service platform offering SYN retransmission bypass methods to circumvent mitigation systems. The service provides configurable attack parameters with pricing starting at $10 per concurrent for basic plans and $20 for premium plans. The platform claims to support high-throughput attacks and offers custom method creation capabilities.
Date: 2026-05-19T08:17:39Z
Network: telegram
Published URL: https://t.me/c/1669509146/99004
Screenshots:
None
Threat Actors: Deepstresser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Mini Dachshund Den by DimasHxR
Category: Defacement
Content: On May 19, 2026, the attacker known as DimasHxR defaced the homepage of minidachshundden.com, a website associated with miniature dachshund breeding or sales. The attack was a targeted single-site homepage defacement with no team affiliation reported. No specific motive or technical exploitation details were disclosed.
Date: 2026-05-19T08:13:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924988
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Pet Breeding / Retail
Victim Organization: Mini Dachshund Den
Victim Site: minidachshundden.com - Combo List: 55K Alleged Fresh Credentials
Category: Combo List
Content: A forum user shared a combo list containing approximately 55,004 email:password credentials marketed as private, fresh, and fully authentic (FA) hits. No specific victim organization or targeted service was identified. The credentials were posted on a public cracking forum.
Date: 2026-05-19T08:13:02Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-55-004-Private-FA-Good-Line-Fresh
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of DDoS botnet and stresser service infrastructure
Category: DDoS
Content: A threat actor is selling a DDoS botnet system supporting Layer 4 and Layer 7 attack methods along with an associated stresser/booter website (stressed.pw) for $3,000. The sale includes active clients, attack methods, and all associated services. The seller claims to have existing paying customers whose packages would be transferred to the buyer.
Date: 2026-05-19T08:12:52Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-DDoS-Botnet-Cyber-%E2%80%8B%E2%80%8BAttack-Network-for-Sale
Screenshots:
None
Threat Actors: Darkode1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: stressed.pw - Europa Germany Mixed Combo List (214,825 Lines)
Category: Combo List
Content: A combo list containing 214,825 email:password lines targeting European and German accounts was shared on a cracking forum. The list appears to be a mixed credential dataset. No specific victim organization or breach source is identified.
Date: 2026-05-19T08:12:36Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-214-825-Lines-%E2%9C%85-Europa-Germany-Mixed-Combolist
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of European mixed combo list with 35,760 credentials
Category: Combo List
Content: A threat actor shared a mixed European email:password combo list containing 35,760 credentials on a public forum. The list is described as private and full access (FA). No specific victim organization or breach source is identified.
Date: 2026-05-19T08:12:11Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-35-760-Private-FA-Europa-Mixed-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Hotmail combo list of 901,625 lines available on cracking forum
Category: Combo List
Content: A threat actor has shared a Hotmail combo list containing approximately 901,625 email and password pairs on a cracking forum. The credentials are marketed as high quality. Hotmail is the credential-stuffing target, not the breach source.
Date: 2026-05-19T08:11:29Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-901-625-Lines-%E2%9C%85-Hotmail-com-Combolist-HQ-LEaks
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of kemmett.uk by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor identified as DimasHxR defaced a page on kemmett.uk, a United Kingdom-based website. The defacement targeted a specific page (b.html) rather than the homepage, suggesting a targeted or opportunistic attack. No team affiliation, specific motive, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-19T08:11:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924987
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Kemmett
Victim Site: kemmett.uk - Sale of combo list targeting streaming services with Hotmail, Yahoo, and Orange credentials
Category: Combo List
Content: A combo list containing approximately 127,802 email and password pairs from Hotmail.fr, Yahoo, and Orange accounts is being distributed on a cracking forum. The list is marketed as targeting streaming services for credential stuffing. No specific breached organization is identified.
Date: 2026-05-19T08:10:50Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-127-802-%E2%9A%9C%EF%B8%8F-hotmail-fr-yahoo-orange-Streaming-Target-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mixed email:password combo list with mail access
Category: Combo List
Content: A mixed email:password combo list containing approximately 8,069 credentials with claimed mail access was shared on a cracking forum. The post is attributed to user GirlCrew. No additional details are available from the post content.
Date: 2026-05-19T08:10:10Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-8-069-8-067-mixed-Combolist-Mail-Pass-Mail-Access
Screenshots:
None
Threat Actors: GirlCrew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of large-scale URL:log:pass combo list with 250 million lines
Category: Logs
Content: A forum user is distributing a dataset of 250 million URL:log:pass entries, purportedly compiled in 2025. The content is shared for free behind a reply-gate on the forum. The post provides no information about the source or targeted organizations.
Date: 2026-05-19T08:09:59Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90%EF%B8%8Furl-log-pass%E2%AD%90%EF%B8%8F-250m-lines-%E2%AD%90%EF%B8%8F2025%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: databreach
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mixed email:password combo list with mail access
Category: Combo List
Content: A threat actor shared a mixed email:password combo list containing 23,407 entries, advertised as having mail access. The list appears to aggregate credentials from multiple sources for use in credential stuffing or mailbox access.
Date: 2026-05-19T08:09:36Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-23-407-mixed-Combolist-Mail-Pass-Mail-Access
Screenshots:
None
Threat Actors: GirlCrew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of URL:Log:Pass combo list with 8+ million lines
Category: Combo List
Content: A threat actor is freely distributing a URL:Log:Pass combo list containing over 8 million lines, labeled as part 352 of an ongoing series. The content is gated behind forum registration or login. No specific victim organization or breach source is identified.
Date: 2026-05-19T08:09:15Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-352
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed email:password combo list with 32,619 records
Category: Combo List
Content: A forum user shared a mixed email:password combo list containing 32,619 records, marketed for mail access. The post was made on a public cracking forum and no specific breach source or victim organization is identified.
Date: 2026-05-19T08:09:03Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-32-619-mixed-Combolist-Mail-Pass-Mail-Access
Screenshots:
None
Threat Actors: GirlCrew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach inquiry for Gîtes de France and Pierre et Vacances
Category: Data Breach
Content: A forum user is inquiring about the existence of leaked databases for French hospitality companies Gîtes de France and Pierre et Vacances. No actual data, files, or evidence of a breach are shared in the post.
Date: 2026-05-19T08:08:53Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Where-are-G%C3%AEtes-de-France-Pierre-et-Vacances-leaks
Screenshots:
None
Threat Actors: handrail1698
Victim Country: France
Victim Industry: Hospitality
Victim Organization: Gîtes de France / Pierre et Vacances
Victim Site: Unknown - Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is offering a combo list of approximately 8,000 Hotmail credentials marketed as high-quality hits. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-19T08:08:49Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-8k-hq-hotmail-hit-%E2%9C%85-303867
Screenshots:
None
Threat Actors: RetroCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: Private Fresh Credentials (20,218 Lines)
Category: Combo List
Content: A threat actor shared a combo list of approximately 20,218 email:password credential pairs, advertised as private, fresh, and good line quality. The post was made on a public cracking forum and appears to target credential stuffing activity. No specific victim organization or service was identified.
Date: 2026-05-19T08:08:44Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-20-218-Private-FA-Good-Line-Fresh
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: Mix mail access credentials shared
Category: Combo List
Content: A threat actor shared a combo list of approximately 3,278 mixed mail credentials on a public forum. The post contains a download link with no additional details about the source or targeted services.
Date: 2026-05-19T08:08:40Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-3278x%E2%9A%A1MIX-MAIL%E2%9A%A1ACCESS%E2%9A%A1
Screenshots:
None
Threat Actors: ACE_XD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Hotmail mail access combo list (0.2K)
Category: Combo List
Content: A combo list of approximately 200 Hotmail mail access credentials is being shared on a cybercrime forum. The content is hidden behind a registration or login wall. No specific breach victim is identified; the named service is a credential-stuffing target, not the breach source.
Date: 2026-05-19T08:08:03Z
Network: openweb
Published URL: https://patched.to/Thread-0-2k-hq-hotmail-mail-access-combolist-303882
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Valorant account combo list with over 400,000 credentials
Category: Combo List
Content: A threat actor is offering a Valorant-themed combo list of mixed-region accounts, advertising over 400,000 credentials marketed as fresh with guaranteed hits. A checker tool with source code is also available for purchase. Distribution is facilitated via a Discord server.
Date: 2026-05-19T08:07:19Z
Network: openweb
Published URL: https://patched.to/Thread-gaming-2859x-valorant-mixed-region-account-combolist
Screenshots:
None
Threat Actors: cdrgod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail and mixed credential combo list
Category: Combo List
Content: A threat actor is distributing a combo list of Hotmail and mixed credentials, claimed to have been dropped in a private Telegram channel 24 hours prior. The content is gated behind registration or login. No specific breach victim or record count is disclosed.
Date: 2026-05-19T08:06:46Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%B4%EF%B8%8F-hq-fresh-hotmails-mix-%E2%9C%B4%EF%B8%8F-dropped-in-private-channel-24h-ago-%F0%9F%94%A5%F0%9F%94%A5-303893
Screenshots:
None
Threat Actors: nikyofficial
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - USA and Switzerland mail access combo list
Category: Combo List
Content: A threat actor known as TraxGod is distributing a combo list of approximately 1,900 email credentials targeting USA and Switzerland accounts. The data is described as previously shared in private groups 4–7 days before public release. The content is gated behind registration or login on the forum.
Date: 2026-05-19T08:06:13Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%97%BC1-9k-usa-ch-mail-access-mix%F0%9F%97%BC%E2%9C%A8-18-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of stealer logs with 3.20 million URL:log:pass entries
Category: Logs
Content: A threat actor is offering stealer logs containing approximately 3.20 million URL:log:pass entries, marketed as high-quality, fresh, and private. The content is hidden behind a registration or login wall on the forum. No specific victim organization or industry is identified.
Date: 2026-05-19T08:06:02Z
Network: openweb
Published URL: https://leakforum.io/Thread-3-20M%E2%AD%90%EF%B8%8FURL-LOG-PASS%E2%AD%90%EF%B8%8FHQ-LOGS%E2%AD%90%EF%B8%8FFRESH-PRIVATE%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: XVF33t
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of HQ Mix Target Combo List with 1.53M credentials
Category: Combo List
Content: A threat actor is distributing a mixed-target combo list containing approximately 1.53 million credentials, marketed as high-quality and fresh. The content is hidden behind a registration or login wall on the forum. No specific victim organization or breach source is identified.
Date: 2026-05-19T08:05:16Z
Network: openweb
Published URL: https://leakforum.io/Thread-1-53M%E2%AD%90%EF%B8%8FHQ-Mix-Target-COMBOLIST%E2%AD%90%EF%B8%8FPRIVATE-FRESH%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: XVF33t
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Bjargus Tech by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor identified as DimasHxR defaced the website bjargus-tech.com, targeting a specific page (b.html). The attack was a targeted single-page defacement with no team affiliation reported. Server and infrastructure details were not disclosed, and no specific motive was stated for the attack.
Date: 2026-05-19T08:04:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924983
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Bjargus Tech
Victim Site: bjargus-tech.com - Sale of Hotmail combo list by threat actor Verityyyy
Category: Combo List
Content: A threat actor operating under the alias Verityyyy is distributing a combo list of 594 Hotmail credentials, marketed as a drop on a public leak forum. The content is hidden behind a registration or login wall. No specific breach victim or organization is identified.
Date: 2026-05-19T08:04:46Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-594x-Verity-Vault-Hotmail-Drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: Verityyyy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of HQ mix target combo list with 1.70M user:pass credentials
Category: Combo List
Content: A threat actor is offering a combo list of approximately 1.70 million user:password credential pairs marketed as high-quality and fresh. The content is hidden behind a registration or login wall on the forum. No specific victim organization or service is identified.
Date: 2026-05-19T08:04:16Z
Network: openweb
Published URL: https://leakforum.io/Thread-1-70M%E2%AD%90%EF%B8%8FHQ-Mix-Target%E2%AD%90%EF%B8%8FUserPass-COMBOLIST%E2%AD%90%EF%B8%8FPRIVATE-FRESH%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: XVF33t
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Italy Email:Password Combo List
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,293 email and password pairs purportedly associated with Italian accounts. The credentials are marketed as fresh and high quality, dated May 19, 2026. The post links to a Telegram channel for additional combo lists.
Date: 2026-05-19T08:03:58Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-1-293-K-%E2%9C%A6-Italy-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-19-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Italy Email:Password Combo List
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,293 Italian email and password credential pairs, marketed as fresh and high quality. The list was posted on a leak forum and requires registration or login to access.
Date: 2026-05-19T08:03:48Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-1-293-K-%E2%9C%A6-Italy-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-19-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Olimpiansk.ru by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the alias DimasHxR defaced a page on the Russian website olimpiansk.ru. The attack was a targeted single-page defacement with no team affiliation reported. No additional technical details such as server information or attack methodology were disclosed.
Date: 2026-05-19T08:03:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924984
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Olimpiansk
Victim Site: olimpiansk.ru - Indonesia Email:Pass Combo List (303K+)
Category: Combo List
Content: A threat actor is distributing a combo list containing over 303,000 email and password pairs purportedly sourced from Indonesia, marketed as fresh and high quality. The credentials are shared behind a registration gate on a public forum. No specific victim organization is identified.
Date: 2026-05-19T08:03:20Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-303-K-%E2%9C%A6-Indonesia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-19-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting Indonesia email credentials
Category: Combo List
Content: A threat actor shared a combo list containing over 303,000 email and password pairs purportedly from Indonesian users. The credentials are marketed as fresh and high quality. The content is hosted behind a registration/login wall on the forum.
Date: 2026-05-19T08:03:16Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-303-K-%E2%9C%A6-Indonesia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-19-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of Ireland email:password credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 14,000 email:password credential pairs purportedly associated with Ireland. The credentials are marketed as fresh and high quality, dated 19-5-2026. The content is gated behind registration or login on the forum.
Date: 2026-05-19T08:02:28Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-14-K-%E2%9C%A6-Ireland-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-19-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Ireland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - India Email:Password Combo List with 292K Records
Category: Combo List
Content: A threat actor known as Maxleak is distributing a combo list of approximately 292,000 Indian email and password pairs, marketed as fresh and high quality. The list is available behind a registration/login gate on a public leak forum. No specific breached organization is identified.
Date: 2026-05-19T08:02:24Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-292-K-%E2%9C%A6-India-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-19-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of JoeyGardens by DimasHxR
Category: Defacement
Content: On May 19, 2026, the website joeygardens.com was defaced by the threat actor DimasHxR, operating without a known team affiliation. The defacement targeted a subdirectory path and was not classified as a mass or home page defacement. A mirror of the defaced page has been archived on zone-xsec.com for reference.
Date: 2026-05-19T08:02:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924985
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Hospitality / Food & Beverage
Victim Organization: Joey Gardens
Victim Site: joeygardens.com - Japan Email:Password Combo List with 187K Records
Category: Combo List
Content: A threat actor shared a combo list of approximately 187,000 email and password pairs purportedly associated with Japanese accounts. The credentials are marketed as fresh and high quality, dated May 19, 2026. The content is gated behind forum registration or login.
Date: 2026-05-19T08:01:54Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-187-K-%E2%9C%A6-Japan-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-19-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged combo list of Israeli email:password credentials
Category: Combo List
Content: A threat actor has shared a combo list of approximately 31,000 email:password pairs reportedly associated with Israeli accounts, marketed as fresh and high quality. The credentials were made available on a leak forum behind a registration/login gate. No specific breached organization is identified.
Date: 2026-05-19T08:01:26Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-31-K-%E2%9C%A6-Israel-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-19-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Iran email and password combo list leak
Category: Combo List
Content: A threat actor shared a combo list of over 10,000 email and password pairs purportedly associated with Iranian users. The credentials are marketed as fresh and high quality, dated May 19, 2026. The content is gated behind forum registration or login.
Date: 2026-05-19T08:00:55Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-10-K-%E2%9C%A6-Iran-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-19-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of SPD Worldwide by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor known as DimasHxR defaced the website spdworldwid.com, targeting a readme.txt file on the server. The attacker operated independently without affiliation to a known group or team. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-19T08:00:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924982
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: SPD Worldwide
Victim Site: spdworldwid.com - Combo List: Mix Mail Access (1,527 credentials)
Category: Combo List
Content: A threat actor is distributing a combo list containing 1,527 mixed mail access credentials. The content is hidden behind a registration or login wall on the forum. No specific victim organization or breach source is identified.
Date: 2026-05-19T08:00:23Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-1527x-Mix-Mail-Access-Vault
Screenshots:
None
Threat Actors: RyuuLord
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Maison Canon Press by DimasHxR
Category: Defacement
Content: On May 19, 2026, the threat actor DimasHxR defaced a page on maisoncanonpress.com, a website associated with a press or publishing entity. The defacement targeted a specific subpage (b.html) rather than the homepage and was carried out as a solo operation without team affiliation. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-19T07:59:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924986
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Media and Publishing
Victim Organization: Maison Canon Press
Victim Site: maisoncanonpress.com - Forum discussion on evading TSA screening with controlled substances using fake prescription labels
Category: Chatter
Content: A forum user on a darknet OpSec community is soliciting advice on transporting controlled substances (alprazolam) on domestic US flights, including requests for fake prescription label templates. The post does not contain threat intelligence relevant to cyber operations and is not associated with a specific victim or organization.
Date: 2026-05-19T07:58:04Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/02988040651e81621198
Screenshots:
None
Threat Actors: FriendlyGuy419 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list targeting Hong Kong accounts distributed on dark web forum
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 10,000+ email:password pairs associated with Hong Kong accounts. The credentials are marketed as fresh and high quality, dated May 17, 2026. The content is gated behind forum engagement or account upgrade.
Date: 2026-05-19T07:57:11Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76909
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Death Stealer 2026 Information-Stealing Malware
Category: Malware
Content: A forum post on CX-Forum advertises Death Stealer 2026, an information-stealing malware purportedly capable of harvesting credentials, browser data, and stored application data while evading detection. The post includes a download link and references a VirusTotal scan. The malware is described as exfiltrating stolen data to external command-and-control servers.
Date: 2026-05-19T07:56:45Z
Network: openweb
Published URL: https://crackingx.com/threads/75749/
Screenshots:
None
Threat Actors: Jake Elliott
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Japan Email:Password Combo List (154K+)
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 154,000 email and password pairs purportedly associated with Japanese users. The credentials are marketed as fresh and high quality, dated May 17, 2026. The content is gated behind forum engagement or a paid account upgrade.
Date: 2026-05-19T07:56:31Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76815
Screenshots:
None
Threat Actors: Max_Leaks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of combo list targeting gaming services (COM/FR/ES)
Category: Combo List
Content: A threat actor is distributing combo lists reportedly targeting gaming services across COM, FR, and ES domains via Telegram channels. The post advertises free combos and tools through two Telegram groups. No specific victim organization or record count is disclosed.
Date: 2026-05-19T07:55:58Z
Network: openweb
Published URL: https://crackingx.com/threads/75741/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail combo list for gaming platform credential stuffing
Category: Combo List
Content: A threat actor is offering 555 Hotmail credentials marketed as private and fresh. The combo list is advertised for use against gaming platforms including Fortnite, Minecraft, Valorant, Steam, and Rockstar. Access to the content requires registration or sign-in on the forum.
Date: 2026-05-19T07:55:41Z
Network: openweb
Published URL: https://crackingx.com/threads/75742/
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Hotmail combo list with 544 credentials
Category: Combo List
Content: A threat actor is offering a combo list of 544 Hotmail credentials marketed as ultra-high quality (UHQ). The list is available for free download and also via a paid subscription service with tiered pricing. The named service (Hotmail) is a credential-stuffing target, not a breach victim.
Date: 2026-05-19T07:55:23Z
Network: openweb
Published URL: https://crackingx.com/threads/75743/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed corporate combo list with 9.3 million records
Category: Combo List
Content: A threat actor is distributing a mixed corporate combo list containing approximately 9.3 million unique credential pairs via a cracking forum and associated Telegram channels. The post advertises free combo lists and tools through external Telegram groups. No specific victim organization or breach source is identified.
Date: 2026-05-19T07:55:07Z
Network: openweb
Published URL: https://crackingx.com/threads/75745/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Hotmail combo list containing 25,000 credentials
Category: Combo List
Content: A combo list of 25,000 Hotmail credentials is being shared on a cracking forum. The content is gated behind registration or sign-in. No further details about the data source or composition are available from the post.
Date: 2026-05-19T07:54:49Z
Network: openweb
Published URL: https://crackingx.com/threads/75746/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of HQ Mix Combo List
Category: Combo List
Content: A user on CX forum is distributing a combo list marketed as HQ Mix containing 1,857 credential pairs. The post provides a download link with no additional details about the source or targeted services.
Date: 2026-05-19T07:54:29Z
Network: openweb
Published URL: https://crackingx.com/threads/75748/
Screenshots:
None
Threat Actors: stevee36
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 266,000 credentials shared on darkforums
Category: Logs
Content: A combo list of approximately 266,000 URL:login:password (ULP) lines was shared for free on a dark web forum. The post markets the credentials as very high quality and dated May 19. The data is hosted on an external file-sharing service.
Date: 2026-05-19T07:54:14Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77023
Screenshots:
None
Threat Actors: MrKordy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Radio Imigrantes 87 by DimasHxR
Category: Defacement
Content: On May 19, 2026, the Brazilian radio station website radioimigrantes87.com.br was defaced by the threat actor DimasHxR. The attacker targeted a specific page on the site rather than the homepage, indicating a targeted single-page defacement. No team affiliation, stated motive, or technical details regarding the server environment were disclosed.
Date: 2026-05-19T07:52:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924979
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Media & Broadcasting
Victim Organization: Radio Imigrantes 87
Victim Site: radioimigrantes87.com.br - Alleged data leak of MediaVacances.com
Category: Data Leak
Content: A threat actor has leaked a database attributed to MediaVacances.com, a French holiday rental platform. The dataset contains approximately 256,000 records in JSON format (188 MB), including invoices with customer names, addresses, payment methods, and transaction details. The data appears to include financial records dating back to at least 2005.
Date: 2026-05-19T07:51:59Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-MediaVacances-com-256K
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: France
Victim Industry: Travel and Tourism
Victim Organization: MediaVacances
Victim Site: mediavacances.com - Website Defacement of Estudoespirita.com.br by DimasHxR
Category: Defacement
Content: On May 19, 2026, the Brazilian spiritual studies website estudoespirita.com.br was defaced by the threat actor DimasHxR. The attacker targeted a specific file path (readme.t…) on the site, indicating a targeted single-page defacement rather than a mass or home page compromise. No affiliated team, stated motive, or technical exploitation details were disclosed.
Date: 2026-05-19T07:50:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924975
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Religion & Spirituality
Victim Organization: Estudo Espirita
Victim Site: estudoespirita.com.br - Alleged data leak of Instituto Tecnológico del Istmo, Oaxaca, Mexico
Category: Data Leak
Content: Threat actors Z3r00 and MagoSpeak (SpeakTeam) claim to have breached the Instituto Tecnológico del Istmo in Oaxaca, Mexico, and have freely distributed a dataset of 3,640 records. The leaked data includes full names, CURP (national ID), date of birth, gender, age, email, phone numbers, home address details, and nationality.
Date: 2026-05-19T07:50:46Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-INSTITUTO-TECNOLOGICO-DEL-ISTMO-OAXACA-MX-3640
Screenshots:
None
Threat Actors: Z3r00
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Instituto Tecnológico del Istmo
Victim Site: Unknown - Alleged data leak of PMI database
Category: Data Leak
Content: A threat actor operating under the alias Anonpis and affiliated with Traser Sec Team has leaked a database allegedly belonging to PMI (Indonesian Red Cross). The exposed data fields include name, email, phone number, full name, and address.
Date: 2026-05-19T07:50:38Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76965
Screenshots:
None
Threat Actors: Anonpis
Victim Country: Indonesia
Victim Industry: Healthcare
Victim Organization: PMI (Palang Merah Indonesia)
Victim Site: Unknown - Alleged data leak of Escuela Normal Experimental Mexico
Category: Data Leak
Content: Threat actors Z3r00 and MagoSpeak (SpeakTeam) claim to have leaked a database from a Mexican experimental normal school, made available via a public download link. The dataset allegedly contains personal information including names, CURP identifiers, email addresses, phone numbers, dates of birth, gender, and address details. The post is politically motivated, targeting government and educational institutions.
Date: 2026-05-19T07:50:07Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-ESCUELA-NORMAL-EXPERIMENTAL-MX-3414
Screenshots:
None
Threat Actors: Z3r00
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Escuela Normal Experimental
Victim Site: Unknown - Alleged data leak of Carnival Corporation cruise customer database
Category: Data Leak
Content: A threat actor has freely shared an alleged database dump attributed to Carnival Corporation containing approximately 30,000 records. The dataset includes personally identifiable information such as names, email addresses, age, date of birth, gender, household state, country, loyalty tier, casino tier, encrypted credit card numbers, and various marketing/behavioral attributes. A download link and Telegram contact for additional databases were provided.
Date: 2026-05-19T07:50:02Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76988
Screenshots:
None
Threat Actors: Hapcat
Victim Country: United States
Victim Industry: Travel & Hospitality
Victim Organization: Carnival Corporation
Victim Site: carnival.com - Alleged data leak of Denizli Private Egekent Hospital
Category: Data Leak
Content: A threat actor identified as #1877Team claims to have extracted over 600,000 data points from Denizli Private Egekent Hospital in Turkey. The post advertises a free download of the dataset, including a sample, suggesting the data has been publicly leaked. The extracted information reportedly includes patient or hospital records, though specific field details are not fully disclosed in the post.
Date: 2026-05-19T07:49:18Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77001
Screenshots:
None
Threat Actors: 1877
Victim Country: Turkey
Victim Industry: Healthcare
Victim Organization: Denizli Private Egekent Hospital
Victim Site: Unknown - Alleged data breach of BSSN
Category: Data Breach
Content: A forum post on Breached claims to offer a database associated with BSSN (Badan Siber dan Sandi Negara), Indonesias National Cyber and Crypto Agency. No post content is available to confirm the nature, scope, or authenticity of the alleged data. The claim is unverified.
Date: 2026-05-19T07:49:02Z
Network: openweb
Published URL: https://breached.st/threads/data-base-bssn.87356/unread
Screenshots:
None
Threat Actors: CatNatXploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: BSSN
Victim Site: bssn.go.id - Website Defacement of Brazilian Legal Services Site by DimasHxR
Category: Defacement
Content: On May 19, 2026, threat actor DimasHxR defaced the Brazilian legal services website advogado.abc.br, targeting a readme.txt file on the server. The attacker operated without an affiliated team, and no specific motive was disclosed. The incident was a targeted single-site defacement with no indication of mass or repeated compromise.
Date: 2026-05-19T07:48:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924972
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Legal Services
Victim Organization: Advogado ABC
Victim Site: advogado.abc.br - Alleged Data Leak of SEDEM Bolivia Subsidy Database Exposing 526K Records
Category: Data Leak
Content: A threat actor has leaked an alleged extraction of SEDEM Bolivias subsidy system database, comprising 526,048 JSON records across two datasets. The leaked data reportedly includes beneficiary full names, national ID card numbers, residential addresses, emails, enrollment status, subsidy balances by food group, and biometric fingerprint registration mappings. The data is being freely distributed as a compressed RAR archive on a dark web forum.
Date: 2026-05-19T07:48:36Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77030
Screenshots:
None
Threat Actors: konata_izumi_shell
Victim Country: Bolivia
Victim Industry: Government
Victim Organization: SEDEM (Servicio de Desarrollo de las Empresas Públicas Productivas de Bolivia)
Victim Site: sedem.gob.bo - Public database torrent index shared via onion service
Category: Data Leak
Content: A threat actor shared links to two onion-hosted services advertising a publicly accessible index of database torrents. The post claims new databases are added regularly and encourages users to seed downloaded content. No specific victim organizations or record counts are disclosed.
Date: 2026-05-19T07:48:32Z
Network: openweb
Published URL: https://breached.st/threads/pow3r-h3ll-database-tracker.87357/unread
Screenshots:
None
Threat Actors: usodfg
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Imperatriz FM by DimasHxR
Category: Defacement
Content: On May 19, 2026, the Brazilian radio station Imperatriz FM had its website defaced by the threat actor DimasHxR. The attacker targeted the readme.txt file on the domain imperatrizfm.com.br. The incident was a singular, non-mass defacement with no affiliated group or stated motive recorded.
Date: 2026-05-19T07:47:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924976
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Media and Broadcasting
Victim Organization: Imperatriz FM
Victim Site: imperatrizfm.com.br - Website Defacement of DQ Tech Store by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor identified as DimasHxR defaced the homepage of dqtech.store, a technology-oriented online store. The attack was a targeted single-site homepage defacement with no team affiliation reported. The incident involved replacement of the sites index page, indicating unauthorized access to the web server or content management system.
Date: 2026-05-19T07:41:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924968
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Technology / E-Commerce
Victim Organization: DQ Tech
Victim Site: dqtech.store - Website Defacement of pu88.gr.com by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor known as DimasHxR defaced a subdomain hosted under the .gr (Greece) top-level domain at pu88.gr.com. The incident was a targeted single-site defacement with no team affiliation reported. Server and infrastructure details were not disclosed in the available data.
Date: 2026-05-19T07:40:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924965
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Greece
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: pu88.gr.com - Website Defacement of pu88.bike by DimasHxR
Category: Defacement
Content: A threat actor operating under the alias DimasHxR defaced a file hosted on the domain pu88.bike on May 19, 2026. The defacement targeted a specific text file (d.txt) rather than the homepage, suggesting a targeted file-level intrusion. No team affiliation, stated motive, or technical details regarding the server were disclosed.
Date: 2026-05-19T07:39:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924964
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Sports/Cycling or Gambling
Victim Organization: PU88
Victim Site: pu88.bike - Website Defacement of pu88.news by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor identified as DimasHxR defaced a file on the domain pu88.news, a news-related website. The defacement targeted a specific text file (d.txt) rather than the homepage, indicating a targeted file-level intrusion rather than a full site takeover. No team affiliation, stated motive, or additional technical details were disclosed in connection with this incident.
Date: 2026-05-19T07:38:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924966
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: News/Media
Victim Organization: PU88 News
Victim Site: pu88.news - Website Defacement of Estonian Construction Services Site by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor identified as DimasHxR defaced a page on okehitusteenus.ee, an Estonian construction and road services company. The attack targeted a specific subpage (b.html) rather than the homepage, indicating a targeted page-level defacement. No team affiliation, stated motive, or technical exploitation details were disclosed.
Date: 2026-05-19T07:36:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924970
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Estonia
Victim Industry: Construction / Building Services
Victim Organization: Oke Hitus Teenus
Victim Site: okehitusteenus.ee - Website Defacement of tf88gen.com by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor known as DimasHxR defaced the website tf88gen.com, targeting a specific file path (d.txt). The attacker operated without an affiliated team, and the incident was a singular, non-mass defacement. Limited technical details are available regarding the server environment or the attackers motive.
Date: 2026-05-19T07:35:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924967
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: tf88gen.com - Alleged leak of domain-based stealer logs dataset
Category: Logs
Content: A threat actor associated with X Forums has made available a file containing approximately 3.78 million lines of mixed data logs, identified as domain-based stealer log output. The dataset, approximately 71 MB in size, contains domain entries consistent with stealer log artifacts. The file is accessible to registered forum members via download links and a Telegram backup channel.
Date: 2026-05-19T07:29:53Z
Network: openweb
Published URL: https://xforums.st/threads/domains-26-logs-2-lines-by-x-forums.615389/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of hapn.org by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor identified as DimasHxR defaced a page on hapn.org, targeting the file /b.html. The attacker operated independently without affiliation to a known group. No specific motive, server details, or proof of concept were disclosed in relation to this incident.
Date: 2026-05-19T07:29:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924955
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: HAPN
Victim Site: hapn.org - Website Defacement of ldtax.pro by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor identified as DimasHxR defaced a page on ldtax.pro, a domain likely associated with tax or financial services. The defacement targeted a specific subpage (b.html) rather than the homepage, suggesting a targeted or exploratory intrusion. No team affiliation, specific motive, or technical details regarding the server were disclosed.
Date: 2026-05-19T07:27:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924952
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Finance / Taxation
Victim Organization: LD Tax
Victim Site: ldtax.pro - Website Defacement of IndiaInsured by PH.BL4KE of Fawkes Syndicate
Category: Defacement
Content: On May 19, 2026, threat actor PH.BL4KE operating under the group Fawkes Syndicate conducted a homepage defacement of indiainsured.in, an Indian insurance-related website. The attack was a targeted single-site defacement rather than a mass defacement campaign. No specific motive or server details were disclosed in connection with the incident.
Date: 2026-05-19T07:26:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924959
Screenshots:
None
Threat Actors: PH.BL4KE, Fawkes Syndicate
Victim Country: India
Victim Industry: Insurance / Financial Services
Victim Organization: India Insured
Victim Site: indiainsured.in - Website Defacement of myperch.in by PH.BL4KE of Fawkes Syndicate
Category: Defacement
Content: On May 19, 2026, the website myperch.in was defaced by threat actor PH.BL4KE operating under the Fawkes Syndicate group. The attack targeted the homepage of the Indian domain in a single targeted defacement, replacing the sites content. No specific motivation or server details were disclosed in connection with the incident.
Date: 2026-05-19T07:25:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924958
Screenshots:
None
Threat Actors: PH.BL4KE, Fawkes Syndicate
Victim Country: India
Victim Industry: Unknown
Victim Organization: MyPerch
Victim Site: myperch.in - Website Defacement of cbtq.my.id by Ushiromiya
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the handle Ushiromiya defaced the website hosted at cbtq.my.id/spenli/. The attack was a targeted single-site defacement with no mass or redefacement indicators. Server and technical details were not disclosed, leaving the full attack vector unknown.
Date: 2026-05-19T07:24:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924951
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: cbtq.my.id - Mass defacement of Indonesian school website by Ushiromiya
Category: Defacement
Content: On May 19, 2026, the attacker known as Ushiromiya conducted a mass defacement campaign targeting the website of SMP Negeri 4 Satap Warsa, an Indonesian junior high school. The attack was carried out on a Linux-based server and was part of a broader mass defacement operation. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-19T07:23:20Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249393
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMP Negeri 4 Satap Warsa
Victim Site: smpnegeri4satapwarsa.my.id - Website Defacement of Nino Investments by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor identified as DimasHxR defaced a page on ninoinv.ae, a website associated with an investment entity based in the United Arab Emirates. The attack targeted a specific subpage (b.html) rather than the homepage, indicating a targeted but limited defacement. No team affiliation, motive, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-19T07:22:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924956
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Arab Emirates
Victim Industry: Finance and Investment
Victim Organization: Nino Investments
Victim Site: ninoinv.ae - Distribution of ULP sample logs containing username and password combos
Category: Logs
Content: A user on XF forums shared a sample ULP (URL:Login:Password) log file containing approximately 767,943 lines of credentials. The sample data includes credentials for various services such as Instagram, Google, and other sites. The file is made available for registered forum members to download.
Date: 2026-05-19T07:16:39Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-sample-logs-by-x-forums.615391/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Namogoo by Mr. Hanz Xploit (Bekasi Eror System)
Category: Defacement
Content: On May 19, 2026, a threat actor identified as Mr. Hanz Xploit, affiliated with the group Bekasi Eror System, defaced a web page hosted on Namogoos WordPress-managed domain. The defacement targeted a specific page rather than the homepage and was executed on a Linux-based server. The incident was archived and mirrored via haxor.id.
Date: 2026-05-19T07:16:05Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249390
Screenshots:
None
Threat Actors: Mr. Hanz Xploit, Bekasi Eror System
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Namogoo
Victim Site: namogoo.wpengine.com - Website Defacement of akm435.my.id by Ushiromiya
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the alias Ushiromiya defaced the website hosted at akm435.my.id, a domain registered under Indonesias .my.id namespace. The attack was conducted on a Linux-based server and was recorded as a single, targeted defacement rather than a mass or redefacement incident. The incident was archived and mirrored via haxor.id.
Date: 2026-05-19T07:15:04Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249391
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: akm435.my.id - Mass Website Defacement of Kurti College by Ushiromiya
Category: Defacement
Content: The threat actor Ushiromiya conducted a mass defacement targeting the CBT (Computer-Based Testing) portal of Kurti College, an Indonesian educational institution. This incident is classified as both a mass defacement and a redefacement, indicating the attacker has previously compromised this target. The attack was carried out on a Linux-based server on May 19, 2026, with a mirror archived at haxor.id.
Date: 2026-05-19T07:14:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249392
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Kurti College
Victim Site: kurticollege.or.id - Website Defacement of Perth Bible Church by DimasHxR
Category: Defacement
Content: On May 19, 2026, the threat actor DimasHxR defaced the homepage of Perth Bible Churchs website (perthbiblechurch.com). The attack was a targeted single-site defacement, replacing the sites home page content. No team affiliation was claimed and no specific motivation was disclosed for the attack.
Date: 2026-05-19T07:13:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924947
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Religious Organization
Victim Organization: Perth Bible Church
Victim Site: www.perthbiblechurch.com - Website Defacement of aaanandha.com by DimasHxR
Category: Defacement
Content: On May 19, 2026, the website aaanandha.com was defaced by the threat actor DimasHxR acting independently without an affiliated team. The attacker targeted a specific page (b.html) rather than the homepage, indicating a targeted page-level defacement. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-19T07:11:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924944
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Aaanandha
Victim Site: aaanandha.com - Website Defacement of Schaedler Trajes by DimasHxR
Category: Defacement
Content: On May 19, 2026, threat actor DimasHxR defaced a page on schaedlertrajes.com, a Brazilian clothing/costume retailer. The attack targeted a specific subpage (b.html) rather than the homepage, indicating a targeted page-level defacement. The attacker operated independently without affiliation to a known hacking team.
Date: 2026-05-19T07:10:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924950
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Retail/Fashion
Victim Organization: Schaedler Trajes
Victim Site: schaedlertrajes.com - Website Defacement of Laundry Jaya by DimasHxR
Category: Defacement
Content: On May 19, 2026, a threat actor identified as DimasHxR defaced the homepage of Laundry Jaya, a small consumer laundry services business operating under the domain laundry-jaya.store. The attack was a targeted single-site defacement, replacing the index page content. No team affiliation or stated motive was recorded for this incident.
Date: 2026-05-19T07:09:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924946
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Indonesia
Victim Industry: Laundry / Consumer Services
Victim Organization: Laundry Jaya
Victim Site: laundry-jaya.store - ULP combo list with 879,363 lines shared on XF forums
Category: Combo List
Content: A username/password combo list containing 879,363 lines was shared on XF forums. The file includes credentials associated with various domains across multiple sectors and countries. The content appears to be aggregated credential pairs rather than a breach of any single organization.
Date: 2026-05-19T07:07:05Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-10-2-logs-by-x-forums.615392/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mass Website Defacement of Indonesian Educational Foundation by Ushiromiya
Category: Defacement
Content: On May 19, 2026, a threat actor identified as Ushiromiya conducted a mass defacement campaign targeting the subdomain of Yayasan Arrahmah Jonggol, an Indonesian educational foundation. The attack targeted a Linux-based web server hosting what appears to be a computer-based testing (CBT) platform. The incident was recorded as part of a broader mass defacement operation attributed to the Ushiromiya actor.
Date: 2026-05-19T07:03:14Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249389
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Education / Non-Profit
Victim Organization: Yayasan Arrahmah Jonggol
Victim Site: cbtsmpar.yayasanarrahmahjonggol.or.id - Mass Defacement of Indonesian Educational/Non-Profit Site by Ushiromiya
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the alias Ushiromiya conducted a mass defacement campaign targeting the Indonesian non-profit organization Yayasan Arrahmah Jonggol. The attack affected a subdomain associated with the organizations online computer-based testing (CBT) platform, running on a Linux server. The incident is classified as part of a mass defacement operation, with a mirror archived on haxor.id.
Date: 2026-05-19T07:01:37Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249388
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Non-Profit / Education
Victim Organization: Yayasan Arrahmah Jonggol
Victim Site: cbtpkbmbci.yayasanarrahmahjonggol.or.id - Website Defacement of Yayasan Arrahmah Jonggol by Ushiromiya
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the handle Ushiromiya defaced the computer-based testing (CBT) subdomain of Yayasan Arrahmah Jonggol, an Indonesian non-profit/educational foundation. The targeted server was running Linux, and the defacement was a standalone, non-mass incident. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-19T06:59:31Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249387
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Education / Non-Profit
Victim Organization: Yayasan Arrahmah Jonggol
Victim Site: cbt.yayasanarrahmahjonggol.or.id - Free distribution of ULP combo list with 1.6 million username/password pairs
Category: Combo List
Content: A combo list containing approximately 1.6 million username/password pairs was shared on XForums. The file, labeled ULP (10).txt and approximately 99.74 MB in size, includes credentials associated with various sites. The list was made available for free download to registered forum members.
Date: 2026-05-19T06:55:46Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-10-logs-by-x-forums.615393/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mass Defacement of Indonesian Educational/Non-Profit Site by Ushiromiya
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the alias Ushiromiya conducted a mass defacement targeting the Indonesian organization Bintang Terang, specifically compromising the /cbt path of their website hosted on a Linux server. The incident is classified as a mass defacement, suggesting multiple sites were targeted in the same campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-19T06:53:30Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249386
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Non-Profit / Education
Victim Organization: Bintang Terang
Victim Site: bintangterang.or.id - Free distribution of combo list with over 2.1 million username/password pairs
Category: Combo List
Content: A combo list containing approximately 2.18 million username/password pairs was shared on XForums. The file, labeled ULP (11) (2).txt and sized at 128.55 MB, includes credentials associated with various online services. The content appears to be aggregated from multiple sources and is formatted for credential stuffing use.
Date: 2026-05-19T06:49:40Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-11-2-logs-by-x-forums.615394/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of ULP credential logs aggregated by X Forums
Category: Logs
Content: A threat actor operating under the alias X Forums has freely distributed a ULP (URL:Login:Password) log file named RiftDefenderHQ ~ ULP.txt totalling approximately 2.6 million lines. The file contains email/password credential pairs associated with various websites across multiple sectors and countries. The content appears to be aggregated stealer log output rather than a breach of a single organization.
Date: 2026-05-19T06:37:47Z
Network: openweb
Published URL: https://xforums.st/threads/riftdefenderhq-ulp-logs-by-x-forums.615395/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of NJ Collectables by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 19, 2026, the Australian collectables retailer NJ Collectables had a subdirectory of its website defaced by threat actor azraelzer0d4y, operating under the team b1ohaz4rd. The defacement targeted a specific media path rather than the homepage and was neither a mass nor a repeat defacement event.
Date: 2026-05-19T06:36:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924936
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Australia
Victim Industry: Retail / Collectables
Victim Organization: NJ Collectables
Victim Site: njcollectables.com.au - Combo List of 856K Email/Password Credentials Shared on XForums
Category: Combo List
Content: A combo list containing 856,684 email/password pairs was shared on XForums. The file includes credentials associated with various services such as Zoom, GitHub, Shopify, Netflix, and others. The content is formatted as URL:user:pass and appears suited for credential stuffing attacks.
Date: 2026-05-19T06:29:14Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-12-logs-by-x-forums.615396/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mass Website Defacement of Triagon Consulting by Mr. Hanz Xploit (Bekasi Eror System)
Category: Defacement
Content: On May 19, 2026, threat actor Mr. Hanz Xploit, affiliated with the group Bekasi Eror System, defaced the mail subdomain of Triagon Consultings website. The attack was part of a mass defacement campaign targeting a Linux-based server. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-19T06:24:43Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249385
Screenshots:
None
Threat Actors: Mr. Hanz Xploit, Bekasi Eror System
Victim Country: Unknown
Victim Industry: Consulting
Victim Organization: Triagon Consulting
Victim Site: mail.triagonconsulting.com - Free distribution of ULP combo list with 3 million credential lines
Category: Combo List
Content: A combo list titled ULP (11) containing approximately 3 million username/password lines was made available on XF forums. The file (180.66 MB) includes credentials associated with various services such as Roblox, LinkedIn, Emirates, and a casino platform. The content appears to be aggregated credential pairs suitable for credential stuffing.
Date: 2026-05-19T06:21:15Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-11-logs-by-x-forums.615397/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Military/Medical Laptops Retailer by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 19, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a subdirectory of laptopsformilitarydocs.com, a website appearing to supply laptops to military personnel or medical professionals. The incident was a targeted single-site defacement, not part of a mass defacement campaign. The attack was catalogued via zone-xsec with mirror ID 924934.
Date: 2026-05-19T06:18:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924934
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: United States
Victim Industry: Retail / Defense & Military Supplies
Victim Organization: Laptops For Military Docs
Victim Site: laptopsformilitarydocs.com - Free distribution of ULP combo list with 3.18 million lines
Category: Combo List
Content: A threat actor on XF forums has freely distributed a ULP (URL:Login:Password) combo list containing over 3.18 million lines. The file includes credentials paired with associated login URLs spanning multiple services and domains. The content is formatted as email/password combos suitable for credential stuffing.
Date: 2026-05-19T06:13:06Z
Network: openweb
Published URL: https://xforums.st/threads/gift-ulp-logs-by-x-forums.615398/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Moonlit Public School by 01xLychi (ColbatSec)
Category: Defacement
Content: On May 19, 2026, threat actor 01xLychi operating under the team ColbatSec defaced a page on the Moonlit Public School website hosted at moonlitpublicschool.in. The incident was a targeted single-page defacement rather than a mass or home page defacement. The attack targeted an Indian educational institution, with the defaced content archived via zone-xsec.com mirror.
Date: 2026-05-19T06:12:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924932
Screenshots:
None
Threat Actors: 01xLychi, ColbatSec
Victim Country: India
Victim Industry: Education
Victim Organization: Moonlit Public School
Victim Site: moonlitpublicschool.in - Distribution of ULP credential combo list with 828,995 lines
Category: Combo List
Content: A combo list file titled ULP (13) (2).txt containing 828,995 username/password pairs has been made available on XF forums. The sample data includes credentials targeting multiple platforms such as Outlook, Instagram, JobsDB, and others. The file is 48.82 MB and was uploaded on 2026-05-19.
Date: 2026-05-19T06:07:23Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-13-2-logs-by-x-forums.615399/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged defacement of Triagon Consulting mail server
Category: Defacement
Content: Website defacement claimed by threat actor Mr. Hanz Xploit. A readme.html file was placed on the mail.triagonconsulting.com domain, indicating unauthorized access to the web server.
Date: 2026-05-19T06:07:10Z
Network: telegram
Published URL: https://t.me/PhiserXman/70
Screenshots:
None
Threat Actors: Mr. Hanz Xploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Triagon Consulting
Victim Site: mail.triagonconsulting.com - Alleged sale of RDP access to cloud infrastructure and account credentials
Category: Initial Access
Content: Threat actor offering rental of Remote Desktop Protocol (RDP) access to Azure, AWS, and Digital Ocean infrastructure on daily/monthly basis for $200. Also advertising domain email accounts, Gmail, Yahoo accounts, GitHub Student accounts, ChatGPT Plus subscriptions, Claude 20x plan, and ElevenLabs Creator Plan access. Service claims fresh IPs and limited stock availability with escrow payment option.
Date: 2026-05-19T05:57:27Z
Network: telegram
Published URL: https://t.me/c/2613583520/84716
Screenshots:
None
Threat Actors: PORTAL
Victim Country: Unknown
Victim Industry: Cloud Infrastructure, SaaS
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 1.5 million email/password credentials shared on XForums
Category: Combo List
Content: A combo list containing approximately 1.55 million email/password pairs was made available on XForums. The file, labeled ULP (14).txt, includes credentials targeting various services including Roblox, Shodan, and others. The content appears to be aggregated credentials for use in credential stuffing.
Date: 2026-05-19T05:56:31Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-14-logs-by-x-forums.615400/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list with 1.8 million username/password pairs shared on XF forums
Category: Combo List
Content: A combo list containing approximately 1.8 million username and password pairs has been shared on XF forums. The 107 MB file includes credentials associated with various services such as Semrush, Pinterest, Escrow, and Telefonica Colombia, among others. The content appears to be aggregated credentials suitable for credential-stuffing attacks.
Date: 2026-05-19T05:50:49Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-14-2-logs-by-x-forums.615401/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Distribution of ULP logs containing 2.7 million username/password combinations
Category: Combo List
Content: A threat actor on XF Forums has made available a ULP combo list containing approximately 2.7 million username and password pairs in a 163 MB text file. The sample lines reference multiple domains including Discord, Google, and various other sites. The file is accessible to registered forum members via download links.
Date: 2026-05-19T05:37:58Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-13-logs-by-x-forums.615402/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Schachtel-Fritz by azraelzer0d4y (b1ohaz4rd Team)
Category: Defacement
Content: On May 19, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a subdirectory of the German website schachtel-fritz.de. The attack targeted a specific media path rather than the homepage, indicating a partial or directory-level defacement. No specific motive or server details were disclosed.
Date: 2026-05-19T05:32:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924931
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Schachtel Fritz
Victim Site: www.schachtel-fritz.de - Distribution of ULP combo list with over 1.4 million email/password pairs
Category: Combo List
Content: A combo list containing approximately 1.4 million email/password pairs has been freely distributed on a forum. The file, labeled ULP (15), includes credentials associated with various services such as DoorDash, Roblox, and others. The content type is described as email/password combos and is available to registered forum members.
Date: 2026-05-19T05:28:40Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-15-logs-by-x-forums.615403/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Het Mooiste Tuinblad by chinafans (0xteam)
Category: Defacement
Content: The website hetmooistetuinblad.nl, a Dutch gardening publication, was defaced by a threat actor known as chinafans operating under the group 0xteam on May 19, 2026. The defacement was a targeted single-site incident, with the attacker leaving content at the path /0x.txt. No specific motive or vulnerability details were disclosed.
Date: 2026-05-19T05:15:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924915
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Netherlands
Victim Industry: Media / Publishing
Victim Organization: Het Mooiste Tuinblad
Victim Site: hetmooistetuinblad.nl - Distribution of ULP combo list with 1.4 million email/password credentials
Category: Combo List
Content: A threat actor on XF forums has shared a combo list containing approximately 1.47 million URL:login:password (ULP) credential pairs. The file is 86.46 MB and aggregates credentials from multiple unrelated sites. Content is available to registered forum members.
Date: 2026-05-19T05:15:09Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-16-2-logs-by-x-forums.615404/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Regents Learning by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website regentslearning.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker uploaded a defacement file at the path /0x.txt, marking a targeted defacement of what appears to be an educational platform. No mass defacement or home page compromise was reported in connection with this incident.
Date: 2026-05-19T05:14:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924898
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Education
Victim Organization: Regents Learning
Victim Site: regentslearning.com - Website Defacement of Mackanze Shipping by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website mackanzeshipping.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker placed a defacement file at mackanzeshipping.com/0x.txt. The incident was a targeted, single-site defacement with no indication of mass or repeated compromise.
Date: 2026-05-19T05:13:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924921
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Shipping and Logistics
Victim Organization: Mackanze Shipping
Victim Site: mackanzeshipping.com - Website Defacement of Stone Age Group by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor identified as chinafans, operating under the group 0xteam, defaced a text file on the domain stoneage.group. The defacement was a targeted, non-mass incident and does not appear to be a redefacement. No specific motivation or server details were disclosed.
Date: 2026-05-19T05:12:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924897
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Stone Age Group
Victim Site: stoneage.group - Website Defacement of inchathotty.com by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website inchathotty.com was defaced by a threat actor operating under the alias chinafans, affiliated with the group 0xteam. The defacement targeted a text file path (0x.txt) on the domain, consistent with a single-page or file-level defacement rather than a full homepage takeover. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-05-19T05:12:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924927
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Entertainment / Online Chat
Victim Organization: InChatHotty
Victim Site: inchathotty.com - Website Defacement of dapperden.xyz by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website dapperden.xyz. The incident was a targeted single-site defacement with no indication of mass or repeat defacement activity. The attackers motive and the server details remain unknown.
Date: 2026-05-19T05:11:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924904
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Dapper Den
Victim Site: dapperden.xyz - Website Defacement of Kejayaan Intergrated by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Kejayaan Intergrated, a Nigerian organization. The attack was a targeted single-site defacement, with the defaced page archived via zone-xsec.com. No specific motivation or server details were disclosed.
Date: 2026-05-19T05:10:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924914
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Nigeria
Victim Industry: Unknown
Victim Organization: Kejayaan Intergrated
Victim Site: kejayaanintergrated.com.ng - Website Defacement of Tentdee by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website tentdee.com was defaced by a threat actor operating under the alias chinafans, affiliated with the hacking group 0xteam. The defacement targeted a specific text file path on the server. The incident was recorded as a standalone defacement, not classified as a mass or home page defacement.
Date: 2026-05-19T05:09:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924923
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Tentdee
Victim Site: tentdee.com - Website defacement of shortsreels.io by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website shortsreels.io was defaced by a threat actor operating under the handle chinafans, affiliated with the group 0xteam. The defacement targeted a specific text file (0x.txt) on the domain, suggesting a targeted file-level intrusion rather than a full homepage takeover. No specific motivation or technical details regarding the attack vector were disclosed.
Date: 2026-05-19T05:08:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924902
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Media & Entertainment
Victim Organization: Shorts Reels
Victim Site: shortsreels.io - Website Defacement of ZTF ICT Solutions by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of ZTF ICT Solutions by uploading a defacement file at ztf-ictsolutions.com/0x.txt. The incident was a targeted, single-site defacement with no mass or re-defacement indicators. The attack was archived and mirrored via zone-xsec.com.
Date: 2026-05-19T05:08:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924910
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Information Technology
Victim Organization: ZTF ICT Solutions
Victim Site: ztf-ictsolutions.com - Website Defacement of kynangsongnhanthe.com.vn by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a Vietnamese website associated with life skills or personal development content was defaced by threat actor chinafans operating under the group 0xteam. The attack was a targeted single-site defacement, with a mirror of the defaced page archived at zone-xsec.com. No specific technical details regarding the server environment or attack vector were disclosed.
Date: 2026-05-19T05:07:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924912
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Vietnam
Victim Industry: Education / Personal Development
Victim Organization: Ky Nang Song Nhan The
Victim Site: kynangsongnhanthe.com.vn - Website Defacement of The Velvet Elephant by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website thevelvetelephant.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker placed a defacement file at the path /0x.txt on the target server. The incident was a singular, non-mass defacement with no redefacement history recorded.
Date: 2026-05-19T05:06:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924903
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: The Velvet Elephant
Victim Site: thevelvetelephant.com - Website Defacement of vgsxd.com by chinafans (0xteam)
Category: Defacement
Content: The website vgsxd.com was defaced by threat actor chinafans, operating under the group 0xteam, on May 19, 2026. The defacement was a targeted single-site attack, with the defacement content hosted at the path /0x.txt. No specific motive, server details, or organizational information were disclosed in connection with this incident.
Date: 2026-05-19T05:05:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924906
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: vgsxd.com - Website Defacement of Thuyanh Travel by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the travel website thuyanhtravel.com was defaced by threat actor chinafans, operating under the group 0xteam. The attacker uploaded a defacement file at the path /0x.txt, consistent with the groups naming convention. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-05-19T05:05:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924909
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Vietnam
Victim Industry: Travel and Tourism
Victim Organization: Thuyanh Travel
Victim Site: thuyanhtravel.com - Distribution of ULP combo list with 396,054 credential entries
Category: Combo List
Content: A combo list containing 396,054 username/password pairs has been shared on XForums. The file includes credentials associated with various services including Netflix, Spotify, Google, and a Moroccan government tax portal. The list appears to be an aggregated ULP-format credential collection distributed freely to forum members.
Date: 2026-05-19T05:04:17Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-17-2-logs-by-x-forums.615405/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Transportes Martinez Moreno by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the website of Transportes Martinez Moreno, a transportation company likely based in a Spanish-speaking country. The incident was recorded on May 19, 2026, and was a targeted single-site defacement rather than a mass or repeated attack. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-05-19T05:04:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924896
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Spain
Victim Industry: Transportation and Logistics
Victim Organization: Transportes Martinez Moreno
Victim Site: transportesmartinezmoreno.com - Website Defacement of nataliewalschots.com by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website nataliewalschots.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a specific file path (/0x.txt) and was a singular, non-mass incident. No specific motivation or server details were disclosed in the available reporting.
Date: 2026-05-19T05:03:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924913
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Personal/Blog
Victim Organization: Natalie Walschots
Victim Site: nataliewalschots.com - Website Defacement of WorkoutGem by chinafans (0xteam)
Category: Defacement
Content: The website workoutgem.com was defaced by threat actor chinafans operating under the group 0xteam on May 19, 2026. The defacement was a targeted single-site attack, with the defaced content hosted at workoutgem.com/0x.txt. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-05-19T05:02:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924907
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Health & Fitness
Victim Organization: WorkoutGem
Victim Site: workoutgem.com - Website Defacement of Building Partnership Skills by chinafans (0xteam)
Category: Defacement
Content: The website buildingpartnershipskills.com was defaced by threat actor chinafans, affiliated with 0xteam, on May 19, 2026. The incident was a targeted single-site defacement with no mass or repeat defacement indicators. The organization appears to be involved in partnership or skills development training, and server details were not disclosed in the reported incident.
Date: 2026-05-19T05:01:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924900
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Education / Training
Victim Organization: Building Partnership Skills
Victim Site: buildingpartnershipskills.com - Website Defacement of 399bet.lol by chinafans of 0xteam
Category: Defacement
Content: On May 19, 2026, the online betting platform 399bet.lol was defaced by a threat actor known as chinafans, operating under the group 0xteam. The attacker uploaded a defacement file at the path /0x.txt, consistent with the teams naming convention. This appears to be a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-05-19T05:01:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924920
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Gambling / Online Betting
Victim Organization: 399bet
Victim Site: 399bet.lol - Website Defacement of Warehouse Studio by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website warehousestudio.org was defaced by a threat actor known as chinafans, operating under the group 0xteam. The attacker targeted a specific file path (/0x.txt) on the domain, leaving a defacement marker. This appears to be a single, targeted defacement rather than a mass or redefacement campaign.
Date: 2026-05-19T05:00:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924908
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Arts and Entertainment
Victim Organization: Warehouse Studio
Victim Site: warehousestudio.org - Website Defacement of Bondor Bazar by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website bondorbazar.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker planted a defacement file at bondorbazar.com/0x.txt. The incident was a targeted single-site defacement with no mass or repeat defacement indicators recorded.
Date: 2026-05-19T04:59:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924924
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: E-Commerce / Retail
Victim Organization: Bondor Bazar
Victim Site: bondorbazar.com - Free distribution of ULP combo list with 1.3 million email/password pairs
Category: Combo List
Content: A threat actor on XF Forums has leaked a combo list titled ULP (17) containing approximately 1.34 million email/password pairs in a 77.95 MB text file. The sample data shows credentials associated with multiple services including Google, Duolingo, and various other platforms. The list was made available for free to registered forum members.
Date: 2026-05-19T04:59:27Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-17-logs-by-x-forums.615406/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of 399bet.day by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website 399bet.day, an online betting platform. The defacement was a targeted single-site attack, with the defaced content hosted at the path /0x.txt. No specific motive or technical details regarding the exploitation method were disclosed.
Date: 2026-05-19T04:58:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924918
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Gambling / Online Betting
Victim Organization: 399bet
Victim Site: 399bet.day - Website Defacement of Pilates ML by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website pilatesml.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker placed a defacement file at pilatesml.com/0x.txt, consistent with the groups naming conventions. The incident was a targeted, single-site defacement with no mass or re-defacement indicators reported.
Date: 2026-05-19T04:58:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924901
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Health & Fitness / Wellness
Victim Organization: Pilates ML
Victim Site: pilatesml.com - Website Defacement of Maldives Travel Agency by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Maldives Travel Agency. The attack was a targeted single-site defacement, with a mirror of the defaced page archived at zone-xsec.com. No specific motive or server details were disclosed in the available data.
Date: 2026-05-19T04:51:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924889
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Maldives
Victim Industry: Travel and Tourism
Victim Organization: Maldives Travel Agency
Victim Site: maldivestravelagency.com - Website Redefacement of Schermionline.it by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The website schermionline.it, an Italian fencing-related platform, was defaced by threat actor azraelzer0d4y operating under the team b1ohaz4rd on May 19, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or another actor. The attack targeted a subdirectory of the domain rather than the homepage, suggesting opportunistic exploitation of a vulnerable web path.
Date: 2026-05-19T04:51:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924895
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Italy
Victim Industry: Sports / Recreation
Victim Organization: Schermionline
Victim Site: www.schermionline.it - Website Defacement of doughamel.com by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website doughamel.com was defaced by a threat actor using the handle chinafans, operating under the group 0xteam. The defacement was a targeted single-site attack, with a mirror of the defaced page archived at zone-xsec.com. No specific motivation or server details were disclosed in association with the incident.
Date: 2026-05-19T04:50:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924858
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Doug Hamel
Victim Site: doughamel.com - Website Defacement of VoodooPress by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website voodoopress.net was defaced by threat actor chinafans, affiliated with the hacking group 0xteam. The defacement was a targeted, single-site attack with the defacement content hosted at the path /0x.txt. A mirror of the defacement was archived by zone-xsec.com.
Date: 2026-05-19T04:49:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924875
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology/Web Services
Victim Organization: VoodooPress
Victim Site: voodoopress.net - Distribution of ULP credential logs with 2.2 million lines
Category: Logs
Content: A user on XF Forums leaked a ULP (URL:Login:Password) log file containing approximately 2.2 million lines across 130 MB. The sample data includes credentials associated with various domains spanning multiple countries and sectors. The file was made available for download to registered forum members.
Date: 2026-05-19T04:49:30Z
Network: openweb
Published URL: https://xforums.st/threads/ulp-16-logs-by-x-forums.615407/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Foodiz Imports by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website foodizimports.com was defaced by threat actor chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-05-19T04:48:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924863
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Food & Beverage / Import & Export
Victim Organization: Foodiz Imports
Victim Site: foodizimports.com - Website Defacement of Psicoterapia Panama by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Psicoterapia Panama, a psychotherapy services provider based in Panama. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level compromise. The incident was a single-target, non-mass defacement with no publicly disclosed motive.
Date: 2026-05-19T04:48:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924868
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Panama
Victim Industry: Healthcare / Mental Health Services
Victim Organization: Psicoterapia Panama
Victim Site: psicoterapiapanama.com - Website Defacement of Encapsula BR by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website encapsulabr.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) on the domain, which is identified as a Brazilian-based website based on the br suffix in the domain name. The incident was a targeted, non-mass defacement with no confirmed redefacement history.
Date: 2026-05-19T04:47:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924862
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Encapsula BR
Victim Site: encapsulabr.com - Website defacement of Traicaytoanthang by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website traicaytoanthang.com, a Vietnamese fruit/produce vendor, was defaced by threat actor chinafans operating under the group 0xteam. The defacement was a targeted single-site incident, with the defaced page mirrored and archived at zone-xsec.com. No specific motivation or server details were disclosed.
Date: 2026-05-19T04:46:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924879
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Vietnam
Victim Industry: Agriculture / Food & Beverage
Victim Organization: Trai Cay Toan Thang
Victim Site: traicaytoanthang.com - Website Defacement of josehuambachano.com by chinafans (0xteam)
Category: Defacement
Content: The website josehuambachano.com was defaced by a threat actor identified as chinafans, operating under the group 0xteam. The defacement was recorded on May 19, 2026, and was not classified as a mass or home page defacement. The incident was catalogued with a mirror archived at zone-xsec.com.
Date: 2026-05-19T04:46:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924880
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Jose Huambachano
Victim Site: josehuambachano.com - Website Defacement of servant.co.za by chinafans (0xteam)
Category: Defacement
Content: The website servant.co.za was defaced by threat actor chinafans operating under the group 0xteam on May 19, 2026. The attack was a targeted single-site defacement, with the defacement content hosted at servant.co.za/0x.txt. No specific motivation or server details were disclosed in connection with this incident.
Date: 2026-05-19T04:45:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924887
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: South Africa
Victim Industry: Unknown
Victim Organization: Servant
Victim Site: servant.co.za - Website Defacement of Anglo Couture by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website anglocouture.com was defaced by a threat actor identified as chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with a mirror of the defacement archived at zone-xsec.com. No specific motive or server details were disclosed in association with this attack.
Date: 2026-05-19T04:44:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924877
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Fashion and Apparel
Victim Organization: Anglo Couture
Victim Site: anglocouture.com - Website Defacement of QP Dental by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced a file on the Canadian dental services website qpdental.ca. The defacement targeted a specific text file (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was documented with a mirror archived on zone-xsec.com.
Date: 2026-05-19T04:44:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924869
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Canada
Victim Industry: Healthcare / Dental Services
Victim Organization: QP Dental
Victim Site: qpdental.ca - Website Defacement of Trivon Forklift Training by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor identified as chinafans, affiliated with team 0xteam, defaced a page on trivonforklifttraining.com, a forklift training services website. The incident was a targeted single-page defacement rather than a mass or home page defacement. Server and infrastructure details were not publicly disclosed at the time of reporting.
Date: 2026-05-19T04:43:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924856
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Training and Education Services
Victim Organization: Trivon Forklift Training
Victim Site: trivonforklifttraining.com - Website Defacement of ShirtMixer by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website shirtmixer.de was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) on the German-based custom apparel or shirt design platform. No specific motive or technical details were disclosed in the incident report.
Date: 2026-05-19T04:42:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924870
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Germany
Victim Industry: Retail / E-commerce
Victim Organization: ShirtMixer
Victim Site: shirtmixer.de - Website Defacement of moskalenkotetyana.com by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website moskalenkotetyana.com by placing a defacement file at the path /0x.txt. The incident was a targeted, single-site defacement with no server or infrastructure details disclosed. A mirror of the defacement was archived at zone-xsec.com.
Date: 2026-05-19T04:42:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924874
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Moskalenko Tetyana
Victim Site: moskalenkotetyana.com - Website Defacement of SpanishDreamHome by chinafans (0xteam)
Category: Defacement
Content: A threat actor known as chinafans, operating under the group 0xteam, defaced the website spanishdreamhome.com on May 19, 2026. The defacement targeted a real estate-related website, with the attacker leaving a marker file at the path /0x.txt. The incident was a singular targeted defacement, not part of a mass or repeated defacement campaign.
Date: 2026-05-19T04:41:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924884
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: Spanish Dream Home
Victim Site: spanishdreamhome.com - Website defacement of SpeedInfra by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website speedinfra.in was defaced by threat actor chinafans operating under the group 0xteam. The attacker targeted a specific file path (0x.txt) on the domain, indicating a focused intrusion rather than a mass or homepage defacement. The incident was documented and mirrored by zone-xsec.com under mirror ID 924873.
Date: 2026-05-19T04:40:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924873
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: India
Victim Industry: Infrastructure / Technology Services
Victim Organization: Speed Infra
Victim Site: speedinfra.in - Website Defacement of jebilly.com by chinafans of 0xteam
Category: Defacement
Content: On May 19, 2026, the website jebilly.com was defaced by a threat actor operating under the handle chinafans, affiliated with the group 0xteam. The defacement was a targeted single-site incident, with the defaced content archived at zone-xsec.com. No additional details regarding the attackers motivation or the server infrastructure were disclosed.
Date: 2026-05-19T04:40:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924861
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Jebilly
Victim Site: jebilly.com - Website Defacement of littlehatch.in by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the alias chinafans and affiliated with 0xteam defaced the Indian website littlehatch.in, leaving a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no mass defacement or redefacement indicators noted.
Date: 2026-05-19T04:39:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924881
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: India
Victim Industry: Unknown
Victim Organization: Little Hatch
Victim Site: littlehatch.in - Website Defacement of lifewithai.tech by chinafans (0xteam)
Category: Defacement
Content: The website lifewithai.tech was defaced by threat actor chinafans operating under the group 0xteam on May 19, 2026. The defacement targeted a specific file path (/0x.txt) rather than the homepage, indicating a targeted file-level compromise. The incident was recorded and mirrored by zone-xsec.com under ID 924882.
Date: 2026-05-19T04:38:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924882
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Life With AI
Victim Site: lifewithai.tech - Website Defacement of Kivirtel by chinafans (0xteam)
Category: Defacement
Content: The website kivirtel.com was defaced by a threat actor known as chinafans, operating under the group 0xteam, on May 19, 2026. The defacement targeted a specific file path (/0x.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was documented and mirrored by zone-xsec.com with mirror ID 924892.
Date: 2026-05-19T04:38:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924892
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Telecommunications
Victim Organization: Kivirtel
Victim Site: kivirtel.com - Website Defacement of yuki585.it.com by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website yuki585.it.com, leaving a defacement file at the path /0x.txt. The incident was a targeted single-site defacement, with a mirror of the defaced content archived at zone-xsec.com. No specific motive, server details, or organizational attribution has been identified for this incident.
Date: 2026-05-19T04:37:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924872
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: yuki585.it.com - Sale of Netflix credential-stuffing config (OpenBullet/Sentry MBA)
Category: Combo List
Content: A threat actor is offering for sale a Netflix credential-stuffing configuration file in .OPK format, advertised as targeting a new API for 2026-2027. The seller directs interested buyers to contact them via Telegram.
Date: 2026-05-19T04:37:13Z
Network: openweb
Published URL: https://crackingx.com/threads/75740/
Screenshots:
None
Threat Actors: alvianparker10
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Health Coverage Helpers by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website healthcoveragehelpers.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The attack targeted a health coverage assistance platform, likely operating in the US healthcare and insurance sector. The incident was a single-target, non-mass defacement with a mirror archived on zone-xsec.com.
Date: 2026-05-19T04:36:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924876
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Healthcare / Insurance
Victim Organization: Health Coverage Helpers
Victim Site: healthcoveragehelpers.com - Website Defacement of SmartCareersToday by chinafans (0xteam)
Category: Defacement
Content: The website smartcareerstoday.com was defaced by threat actor chinafans, operating under the group 0xteam, on May 19, 2026. The defacement targeted a career services platform and was recorded as a single, non-mass, non-redefacement incident. No specific motive or server details were disclosed.
Date: 2026-05-19T04:36:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924894
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Career Services / Employment
Victim Organization: Smart Careers Today
Victim Site: smartcareerstoday.com - Website Defacement of Slidesgo.net by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor known as chinafans, operating under the team 0xteam, defaced the website slidesgo.net, targeting a file at the path /0x.txt. The defacement was a single targeted incident, not a mass or repeated defacement. No specific motive or server details were disclosed in the available intelligence.
Date: 2026-05-19T04:35:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924885
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology / Presentation Templates
Victim Organization: Slidesgo
Victim Site: slidesgo.net - Combo List of 13 million credentials targeting X
Category: Combo List
Content: A threat actor is distributing a combo list advertised as containing 13 million username:password pairs in ULP (URL:Login:Password) format. The post is associated with a group called Mint Services that claims to provide daily leaks. No specific breach victim is identified.
Date: 2026-05-19T04:35:19Z
Network: openweb
Published URL: https://cracked.st/Thread-X-13KK-ULP-TXT
Screenshots:
None
Threat Actors: Mallevado
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of Sendanjo by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, the website sendanjo.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site attack, leaving a text-based payload at the path /0x.txt. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-19T04:34:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924890
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Sendanjo
Victim Site: sendanjo.com - Mail Access Cloud Service Offering by ImLupin
Category: Services
Content: A forum user operating as ImLupin is advertising a cloud-based mail access service with tiered pricing plans. The service claims to provide private, fresh, and unique files, with contact and support channels hosted on Telegram.
Date: 2026-05-19T04:34:26Z
Network: openweb
Published URL: https://cracked.st/Thread-1-MAIL-ACCESS-CLOUD-LUPIN-PRIVATE-FRESH-UNIQUES-FILES-HERE-YOUR-BEST-OPTION
Screenshots:
None
Threat Actors: ImLupin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Home and Travel Concierge by chinafans (0xTeam)
Category: Defacement
Content: On May 19, 2026, the website homeandtravelconcierge.com was defaced by threat actor chinafans, operating under the group 0xTeam. The attack targeted a home and travel concierge services website in what appears to be a single-target defacement. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-19T04:34:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924857
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Travel and Hospitality
Victim Organization: Home and Travel Concierge
Victim Site: homeandtravelconcierge.com - Website Defacement of Riacho Locadora by chinafans (0xteam)
Category: Defacement
Content: On May 19, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Riacho Locadora, a rental services company likely based in Brazil. The defacement targeted a specific file path (0x.txt) on the domain and was neither a mass nor a redefacement incident. The attack details were mirrored and archived via zone-xsec.com.
Date: 2026-05-19T04:33:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924893
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Rental Services
Victim Organization: Riacho Locadora
Victim Site: riacholocadora.com - Website Defacement of Khurmani.com by chinafans of 0xteam
Category: Defacement
Content: On May 19, 2026, the website khurmani.com was defaced by a threat actor using the handle chinafans, affiliated with the group 0xteam. The defacement was a targeted single-site incident, with a mirror of the defaced page archived at zone-xsec.com. No additional technical details regarding the server infrastructure or attacker motivation were disclosed.
Date: 2026-05-19T04:32:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924878
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Khurmani
Victim Site: khurmani.com - Alleged data leak of Bolivia Ministry of Defense confidential records
Category: Data Leak
Content: A threat actor known as malconguerra2 is distributing what they claim to be confidential records from the Bolivian Ministry of Defense. The dataset is shared in .XLSX format, totaling 2.83 GB with approximately 180,000 records. A sample file is available via a hidden forum link, and the actor provides a Telegram contact for further communication.
Date: 2026-05-19T04:29:49Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77040
Screenshots:
None
Threat Actors: malconguerra2
Victim Country: Bolivia
Victim Industry: Government
Victim Organization: Bolivia Ministry of Defense
Victim Site: Unknown - Free South Korea Email Combo List (Batch 48/100)
Category: Combo List
Content: A threat actor is freely distributing a batch of South Korea-targeted email credentials, labeled as batch 48 of 100. The content is hidden behind a registration/login wall on the forum. No specific victim organization or record count is disclosed.
Date: 2026-05-19T04:17:37Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-48-100
Screenshots:
None
Threat Actors: emaildbpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 1,442 Hotmail credentials
Category: Combo List
Content: A forum user shared a combo list of 1,442 claimed valid Hotmail credentials as hidden content requiring registration or login to access. The post requires a like to avoid a ban, a common forum engagement tactic. No breach of Microsoft or Hotmail infrastructure is implied; these credentials are likely sourced from third-party breaches.
Date: 2026-05-19T04:17:08Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9A%A11442x-good-hotmail%E2%9A%A1%E2%9C%85
Screenshots:
None
Threat Actors: NovaCloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of FoodCareDirect by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 19, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a media/custom directory on foodcaredirect.com. The incident was a targeted single-site defacement, not part of a mass or repeated defacement campaign. No specific motive or server details were disclosed, and a mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-05-19T04:13:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924824
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Food and Beverage / Healthcare
Victim Organization: FoodCareDirect
Victim Site: foodcaredirect.com - Website Defacement of Cyno Infotech by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 19, 2026, threat actor azraelzer0d4y operating under the team b1ohaz4rd defaced a media/custom directory page on cynoinfotech.com, an Indian IT services company. The incident was a targeted single-page defacement, not classified as a mass or home page defacement. The attack was documented and mirrored via zone-xsec.com with mirror ID 924822.
Date: 2026-05-19T04:01:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924822
Screenshots:
None
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: India
Victim Industry: Information Technology
Victim Organization: Cyno Infotech
Victim Site: cynoinfotech.com - Request for business contact database leads on darknet forum
Category: Chatter
Content: A darknet forum user is requesting leads on where to purchase business contact databases for USA and EU, specifically targeting businesses that sell on platforms like Amazon and Walmart. The post seeks data including business name, contact name, phone, and email. No specific breach or sale is being advertised.
Date: 2026-05-19T03:53:27Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/122648790ab74b24e2c8
Screenshots:
None
Threat Actors: roundrobin8097 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Shakti Vidhya Mandir by 0x6ick (6ickzone)
Category: Defacement
Content: On May 19, 2026, threat actor 0x6ick, affiliated with the group 6ickzone, defaced a file on the Indian educational institution website shaktividhyamandir.in. The attack targeted a specific file path (y.txt) rather than the homepage, indicating a targeted file-level defacement. The incident was archived and mirrored by zone-xsec.com.
Date: 2026-05-19T03:43:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924806
Screenshots:
None
Threat Actors: 0x6ick, 6ickzone
Victim Country: India
Victim Industry: Education
Victim Organization: Shakti Vidhya Mandir
Victim Site: shaktividhyamandir.in - Website Defacement of BPN College by 0x6ick (6ickzone)
Category: Defacement
Content: On May 19, 2026, the attacker known as 0x6ick, operating under the team 6ickzone, defaced a file on the BPN College website (bpncollege.in). The defacement targeted a specific text file rather than the homepage, suggesting a targeted file-level intrusion. A mirror of the defacement has been archived on zone-xsec.com.
Date: 2026-05-19T03:42:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924785
Screenshots:
None
Threat Actors: 0x6ick, 6ickzone
Victim Country: India
Victim Industry: Education
Victim Organization: BPN College
Victim Site: bpncollege.in - Website Defacement of Aviraj College by 0x6ick (6ickzone)
Category: Defacement
Content: On May 19, 2026, threat actor 0x6ick, operating under the team 6ickzone, defaced a file on the Aviraj College website (avirajcollege.in). The defacement targeted a specific file path rather than the homepage, indicating a targeted file-level intrusion. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-19T03:40:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924783
Screenshots:
None
Threat Actors: 0x6ick, 6ickzone
Victim Country: India
Victim Industry: Education
Victim Organization: Aviraj College
Victim Site: avirajcollege.in - Website Defacement of LGPV College by 0x6ick (6ickzone)
Category: Defacement
Content: On May 19, 2026, threat actor 0x6ick, operating under the team 6ickzone, defaced a file on the Indian educational institution LGPV Colleges website (lgpvcollege.in). The defacement targeted a specific file path (y.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was archived and mirrored by zone-xsec.com.
Date: 2026-05-19T03:39:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924790
Screenshots:
None
Threat Actors: 0x6ick, 6ickzone
Victim Country: India
Victim Industry: Education
Victim Organization: LGPV College
Victim Site: lgpvcollege.in - Hotmail combo list targeting streaming services
Category: Combo List
Content: A threat actor on a cracking forum shared a combo list containing 482,552 email:password lines described as fresh leaks. The list is marketed as targeting streaming services and sourced from Hotmail accounts. No specific breached organization is identified.
Date: 2026-05-19T03:29:59Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-482-552-Lines-%E2%9C%85-Streaming-Target-Hotmail-Combolist-Fresh-Leaks
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged combo list of mixed corporate domain credentials
Category: Combo List
Content: A combo list containing approximately 125,313 email and password pairs associated with mixed corporate domains was shared on a cracking forum. The post was authored by AiCombo and appears to be a credential stuffing resource. No further details are available from the post content.
Date: 2026-05-19T03:29:42Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-125-313-%E2%9C%85-Mixed-Corp-Domain
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of xpervian.com by Attacker atig313
Category: Defacement
Content: On May 19, 2026, the website xpervian.com was defaced by a threat actor operating under the handle atig313. The attacker targeted a specific page (atig313.html) rather than the homepage, indicating a targeted single-page defacement. The incident was carried out by an individual actor with no affiliated team, and technical details such as the server environment and exploitation method remain unknown.
Date: 2026-05-19T03:27:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924775
Screenshots:
None
Threat Actors: atig313
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Xpervian
Victim Site: xpervian.com - Website Defacement of cunnektnow.com by atig313
Category: Defacement
Content: On May 19, 2026, a threat actor identified as atig313 defaced a specific page on cunnektnow.com, targeting the URL path /atig313.html. The incident was a single-page defacement, not classified as a mass or home page defacement. No team affiliation, motive, or technical infrastructure details were disclosed in connection with this attack.
Date: 2026-05-19T03:27:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924773
Screenshots:
None
Threat Actors: atig313
Victim Country: Unknown
Victim Industry: Technology / Telecommunications
Victim Organization: Cunnekt Now
Victim Site: cunnektnow.com - Sale of EDU combo list
Category: Combo List
Content: A threat actor is advertising a private EDU combo list on a cracking forum, directing interested parties to a Telegram channel and group for access. The post does not disclose record count, specific targets, or data fields.
Date: 2026-05-19T03:26:47Z
Network: openweb
Published URL: https://crackingx.com/threads/75733/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of imexerp.com by Attacker atig313
Category: Defacement
Content: On May 19, 2026, the website imexerp.com was defaced by an attacker operating under the handle atig313. The defacement targeted a specific page (atig313.html) rather than the homepage, suggesting a targeted page-level intrusion. No team affiliation, stated motive, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-19T03:26:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924758
Screenshots:
None
Threat Actors: atig313
Victim Country: Unknown
Victim Industry: Technology / ERP Software
Victim Organization: IMEX ERP
Victim Site: imexerp.com - Website defacement of Al-Husnayain School by Ushiromiya
Category: Defacement
Content: The attacker Ushiromiya defaced the computer-based testing (CBT) portal of Al-Husnayain School, an Indonesian educational institution, on May 19, 2026. The targeted subdomain (cbt.alhusnayain.sch.id) is hosted on a Linux server and appears to serve as an online examination platform. This was a single-site defacement with no indication of mass or repeated targeting.
Date: 2026-05-19T03:25:23Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249384
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Al-Husnayain School
Victim Site: cbt.alhusnayain.sch.id - Website Defacement of Deviant Systems by Threat Actor atig313
Category: Defacement
Content: On May 19, 2026, threat actor atig313 defaced a page on deviantsystems.nl, a Netherlands-based technology domain. The attack targeted a specific page (atig313.html) rather than the homepage, indicating a targeted single-page defacement. The attacker operated without an affiliated team, and no specific motive or exploit method was disclosed.
Date: 2026-05-19T03:24:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924781
Screenshots:
None
Threat Actors: atig313
Victim Country: Netherlands
Victim Industry: Technology
Victim Organization: Deviant Systems
Victim Site: deviantsystems.nl - Website Defacement of Noverus by Threat Actor atig313
Category: Defacement
Content: Threat actor atig313, operating independently without a team affiliation, defaced a page on noverus.net on May 19, 2026. The defacement targeted a specific page (atig313.html) rather than the homepage, indicating a targeted single-page intrusion. Technical details such as the server OS, IP address, and attack vector were not disclosed in available intelligence.
Date: 2026-05-19T03:24:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924768
Screenshots:
None
Threat Actors: atig313
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Noverus
Victim Site: noverus.net - Combo list mix targeting USA and Europe distributed on forum
Category: Combo List
Content: A threat actor is distributing a mixed combolist of credential hits targeting users from the USA and Europe. The post advertises the list as exclusive and organized by country. No specific victim organization or record count is mentioned.
Date: 2026-05-19T03:23:37Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%AD%90%EF%B8%8FBY-COUNTRIES%E2%AD%90%EF%B8%8FHITS-MIX-USA%E2%AD%90%EF%B8%8FEUROPE%E2%AD%90%EF%B8%8FEXCLUSIVE-COMBOLIST%E2%98%81%E2%AD%90%EF%B8%8F–2295170
Screenshots:
None
Threat Actors: hangover2055
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of noverussync.com by Threat Actor atig313
Category: Defacement
Content: On May 19, 2026, threat actor atig313 defaced a specific page on noverussync.com, targeting the URL path /atig313.html. The attacker operated without an affiliated team and executed a targeted single-page defacement rather than a mass or home page defacement. Technical details regarding the server infrastructure and attack vector remain unknown.
Date: 2026-05-19T03:23:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924770
Screenshots:
None
Threat Actors: atig313
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Noverus Sync
Victim Site: noverussync.com - Website Defacement of Sun and Fun IOC by Threat Actor atig313
Category: Defacement
Content: Threat actor atig313, operating without a known team affiliation, defaced the website sunandfuninoc.com on May 19, 2026, targeting a specific page (atig313.html). The incident was a targeted single-page defacement rather than a mass or home page defacement. Technical details such as server software and IP address were not disclosed.
Date: 2026-05-19T03:22:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924760
Screenshots:
None
Threat Actors: atig313
Victim Country: Unknown
Victim Industry: Travel and Tourism
Victim Organization: Sun and Fun IOC
Victim Site: sunandfuninoc.com - Website Defacement of Wellman Plastics by atig313
Category: Defacement
Content: The website wellmanplastics.com was defaced by a threat actor operating under the handle atig313 on May 19, 2026. The attack was a targeted, single-site defacement and does not appear to be part of a mass or coordinated campaign. No team affiliation, stated motive, or technical server details were disclosed in connection with this incident.
Date: 2026-05-19T03:21:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924776
Screenshots:
None
Threat Actors: atig313
Victim Country: Unknown
Victim Industry: Manufacturing / Plastics
Victim Organization: Wellman Plastics
Victim Site: wellmanplastics.com - Website Defacement of Hitkarni College of Commerce by atig313
Category: Defacement
Content: On May 19, 2026, the website of Hitkarni College of Commerce was defaced by threat actor atig313 operating without a team affiliation. The attack targeted a non-home page of the educational institutions website and was not part of a mass defacement campaign. The attackers motive and technical details regarding the server infrastructure remain unknown.
Date: 2026-05-19T03:20:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924762
Screenshots:
None
Threat Actors: atig313
Victim Country: India
Victim Industry: Education
Victim Organization: Hitkarni College of Commerce
Victim Site: hitkarnicollegeofcommerce.com - Website Defacement of Illuminati Network by Attacker atig313
Category: Defacement
Content: On May 19, 2026, the website illuminatinetwork.com was defaced by threat actor atig313, operating without a known team affiliation. The attack targeted a specific page on the domain rather than the homepage and was not conducted as part of a mass defacement campaign. Technical details such as server software and IP address were not disclosed in available reporting.
Date: 2026-05-19T03:19:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924772
Screenshots:
None
Threat Actors: atig313
Victim Country: Unknown
Victim Industry: Entertainment/Media
Victim Organization: Illuminati Network
Victim Site: illuminatinetwork.com - Website Defacement of Sessions I Surf by atig313
Category: Defacement
Content: On May 19, 2026, the threat actor atig313 defaced the website sessionsisurf.com, targeting a specific page (atig313.html). The attack was carried out as a solo operation with no affiliated team. The incident was a single targeted defacement, not part of a mass or repeated defacement campaign.
Date: 2026-05-19T03:18:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924779
Screenshots:
None
Threat Actors: atig313
Victim Country: Unknown
Victim Industry: Recreation / Sports
Victim Organization: Sessions I Surf
Victim Site: sessionsisurf.com - Alleged data breach of Peets Coffee
Category: Data Breach
Content: A threat actor claims to be selling a partial database allegedly obtained from a May 2026 intrusion into Peets Coffee. The dataset reportedly contains 115,000 records including customer names, email addresses, phone numbers, and full mailing addresses. Sample data is provided containing apparent customer contact and account information.
Date: 2026-05-19T03:17:59Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=77032
Screenshots:
None
Threat Actors: zSenior
Victim Country: United States
Victim Industry: Food & Beverage
Victim Organization: Peets Coffee
Victim Site: peets.com - Website Defacement of Tahoe CPA by Threat Actor atig313
Category: Defacement
Content: On May 19, 2026, threat actor atig313 defaced a page on tahoecpa.net, a website associated with a CPA (Certified Public Accountant) firm likely operating in the Tahoe region of the United States. The defacement targeted a specific page (atig313.html) rather than the homepage, suggesting a targeted page-level intrusion. The attacker operated independently without an affiliated hacking team.
Date: 2026-05-19T03:17:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924774
Screenshots:
None
Threat Actors: atig313
Victim Country: United States
Victim Industry: Financial Services / Accounting
Victim Organization: Tahoe CPA
Victim Site: tahoecpa.net - Sale of URL:Log:Pass combo list via Daxus.pro
Category: Logs
Content: A threat actor operating under the handle Daxus is distributing a URL:LOG:PASS dataset containing approximately 7 million records via a hidden forum link. The content is advertised as UHQ and is associated with the Daxus.pro service and a Telegram channel. No specific victim organization or industry is identified.
Date: 2026-05-19T03:06:50Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-URL-LOG-PASS-7-00-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - SQL Web Hacking Tutorial Series Shared on Forum
Category: Vulnerability
Content: A forum post advertises a full series on SQL web hacking, attributed to a Telegram user at t.me/rootzeynusss. The post appears to be promoting educational or operational hacking content related to SQL injection techniques. No specific victim or dataset is identified.
Date: 2026-05-19T03:03:01Z
Network: openweb
Published URL: https://crackingx.com/threads/75730/
Screenshots:
None
Threat Actors: CRACKINGBOSS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Mass Defacement of Indonesian Educational Institution by Ushiromiya
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the handle Ushiromiya conducted a mass defacement campaign targeting the computer-based testing subdomain of MIT Al Hamid, an Indonesian educational institution. The defacement was part of a broader mass defacement operation, as indicated by the Is Mass Defacement flag. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-19T02:49:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249383
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MIT Al Hamid School
Victim Site: cbt.mitalhamid.sch.id - Sale of fraudulent gift cards and booking services across multiple retailers
Category: Carding
Content: A threat actor is offering discounted gift cards for numerous major retailers and brands, as well as fraudulent bookings for hotels, airlines, and car rentals at 50% off. The listings span dozens of brands including Visa, Amazon, Apple, and Walmart gift cards. Contact is directed to a Telegram account, suggesting an ongoing fraud operation.
Date: 2026-05-19T02:44:48Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%80%A6-AVAILABLE-RESTOCKED-GC%E2%80%99s-FOR-ALL-STORES
Screenshots:
None
Threat Actors: FortRow
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown - Sale of verified crypto exchange and bank accounts
Category: Carding
Content: A threat actor is offering fully verified accounts for numerous cryptocurrency exchanges and e-wallets (including Binance, Coinbase, Kraken, and others) as well as bank and payment service accounts (including Revolut, Wise, Monzo, and others). Each account purportedly includes full access to associated email, account credentials, and phone numbers. The seller advertises via Telegram under the handle @StyleCarding.
Date: 2026-05-19T02:44:25Z
Network: openweb
Published URL: https://demonforums.net/Thread-FULLY-VERIFIED-ACCOUNTS-CRYPTO-EXCHANGES-BANK–204688
Screenshots:
None
Threat Actors: Grwateef
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Sale of stolen payment cards, dumps, and financial account credentials
Category: Carding
Content: A threat actor is offering stolen credit/debit card data (CC+CVV, dumps with/without PIN) covering USA, EU, and worldwide regions, claiming 90-100% validity. The seller also advertises stolen PayPal, CashApp, and verified bank/wallet accounts, carding tutorials, and goods ordering services for major retailers at 20-60% of cost.
Date: 2026-05-19T02:44:07Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9C%94%EF%B8%8FDUMPS-CC-CVV-CLONE-CARDS-PAYPAL-CASHAPP-ACCOUNTS%E2%9C%94%EF%B8%8F–204690
Screenshots:
None
Threat Actors: ReaCZion
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Alleged website defacement of tree.leepoet.com by C10F/X404
Category: Defacement
Content: Indonesian defacer group C10F/X404 claims to have defaced multiple pages on tree.leepoet.com, including numbered pages (401-4010) and custom pages (readme.html, Defacer.html, dan.html, C10F.html). The defacement was announced by the Rakyat Digital Crew channel.
Date: 2026-05-19T02:44:03Z
Network: telegram
Published URL: https://t.me/c/3755871403/529
Screenshots:
None
Threat Actors: C10F
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: tree.leepoet.com
Victim Site: tree.leepoet.com - Mass defacement of Indonesian educational institution by Ushiromiya
Category: Defacement
Content: On May 19, 2026, a threat actor operating under the alias Ushiromiya conducted a mass defacement attack targeting the Computer-Based Testing (CBT) subdomain of MIASS Homadiyah, an Indonesian educational institution. The attack was carried out on a Linux-based server and is classified as part of a mass defacement campaign. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-19T02:43:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249382
Screenshots:
None
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MIASS Homadiyah School
Victim Site: cbt.miasshomadiyah.sch.id - Forum discussion on darknet marketplace vendor acquisition strategies
Category: Chatter
Content: A Dread forum user is seeking advice on recruiting vendors to a newly launched darknet marketplace. The post explicitly disclaims any intent to advertise and poses operational questions about vendor acquisition. No specific threat content, victim, or illicit data is present.
Date: 2026-05-19T02:40:12Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/aac3d34cfda372a3c4b9
Screenshots:
None
Threat Actors: high_waymarket 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: 13 Million UHQ Gmail Credentials
Category: Combo List
Content: A threat actor is distributing a combo list claimed to contain 13 million UHQ Gmail credentials marketed as fresh. The post is sponsored by an AIO tool service. Gmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-19T02:37:26Z
Network: openweb
Published URL: https://cracked.st/Thread-13M-UHQ-GMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail combo list with 2 million credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 2 million Hotmail credentials marketed as fresh and high quality. The post is sponsored by an external site, suggesting a commercial offering. This is a credential stuffing resource, not a breach of Hotmail itself.
Date: 2026-05-19T02:37:05Z
Network: openweb
Published URL: https://cracked.st/Thread-2M-UHQ-HOTMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Outlook combo list with 720K credentials
Category: Combo List
Content: A threat actor is distributing a combo list advertised as 720K UHQ Outlook credentials marketed as fresh. The post is sponsored by vows.solutions and was shared on a public cracking forum.
Date: 2026-05-19T02:36:16Z
Network: openweb
Published URL: https://cracked.st/Thread-720K-UHQ-OUTLOOK-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 4.5 million mixed email credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing 4.5 million mixed email credentials, marketed as fresh. The list is sponsored by vows.solutions and shared on a public cracking forum.
Date: 2026-05-19T02:35:58Z
Network: openweb
Published URL: https://cracked.st/Thread-4-5M-UHQ-MIXED-MAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of crypto exchange account unlock and KYC bypass service
Category: Services
Content: A threat actor is advertising a service to unlock blocked cryptocurrency exchange accounts on platforms including Binance, KuCoin, and MEXC, charging a percentage of the recovered balance. The service includes bypassing Sumsub and selfie-based KYC verification requirements. The offering is also available for resale via a referral program.
Date: 2026-05-19T02:35:10Z
Network: openweb
Published URL: https://cracked.st/Thread-UNLOCK-CRYPTO-EXCHANGE-ACCOUNTS-%E2%80%A2-BINANCE-%E2%80%A2-KUCOIN-%E2%80%A2-MEXC-ETC-SUMSUB-OR-SELFIE-KYC
Screenshots:
None
Threat Actors: INARIUSX
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ Hotmail combo list with 1,727 valid credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 1,727 claimed valid Hotmail credentials on a combolist forum. The content is hidden behind a registration or login wall. The post markets the credentials as UHQ (ultra-high quality) and includes a private cloud mix.
Date: 2026-05-19T02:33:53Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-x1727-valid-uhq-hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa04
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of partytime.gr
Category: Data Breach
Content: A threat actor shared an SQL database dump allegedly sourced from partytime.gr, dating to approximately 2023-2024. The dump contains customer records including full names, email addresses, hashed passwords, birthdates, and registration metadata from a PrestaShop-based platform. Approximately 2,800 records are included and the original leaker is unknown.
Date: 2026-05-19T02:30:56Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-partytime-gr
Screenshots:
None
Threat Actors: omni777
Victim Country: Greece
Victim Industry: Retail
Victim Organization: Party Time
Victim Site: partytime.gr - Alleged sale of RDP access, email accounts, and compromised service subscriptions
Category: Initial Access
Content: Threat actor offering rental of RDP access to Azure, AWS, and DigitalOcean infrastructure ($200), along with domain email accounts (Gmail, Yahoo), GitHub Student accounts, ChatGPT Plus, Claude 20x Max Plan, and ElevenLabs Creator Plan subscriptions. Seller claims limited stock available and offers escrow service for transactions.
Date: 2026-05-19T02:25:54Z
Network: telegram
Published URL: https://t.me/c/2613583520/84619
Screenshots:
None
Threat Actors: PORTAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Felcloud Netherlands VPS Hosting Service Advertisement
Category: Services
Content: A forum post advertises Felcloud, a VPS hosting service based in the Netherlands. No further content was available for analysis. This appears to be a commercial hosting service offering targeted at forum members.
Date: 2026-05-19T02:13:58Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=20526
Screenshots:
None
Threat Actors:
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Purchase request for private French databases
Category: Alert
Content: A forum user is soliciting private, non-leaked French databases from other members. The post does not specify the type of data sought or any particular organization. Contact is requested via Telegram.
Date: 2026-05-19T02:12:00Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76739
Screenshots:
None
Threat Actors: ARPANET744
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - France Email:Password Combo List
Category: Combo List
Content: A threat actor on a darknet forum is distributing a combo list of approximately 1.87 million email:password pairs purportedly associated with French users. The credentials are marketed as fresh and high quality, dated May 17, 2026. Access requires account upgrade or thread reply.
Date: 2026-05-19T02:10:31Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76900
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Germany Dating Combo List (162K)
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 162,000 credentials targeting German dating platforms. The content is hidden behind a reply or account upgrade requirement. No specific victim organization is identified.
Date: 2026-05-19T02:09:41Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76887
Screenshots:
None
Threat Actors: SYCOSUNNY
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting French email and password credentials
Category: Combo List
Content: A threat actor on a dark web forum is distributing a combo list of approximately 1.3 million email and password pairs purportedly associated with French users. The credentials are marketed as fresh and high quality, dated May 16, 2026. Access to the list requires replying to the thread or upgrading a forum account.
Date: 2026-05-19T02:08:48Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76669
Screenshots:
None
Threat Actors: Max_Leaks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list of United States mail:password credentials
Category: Combo List
Content: A threat actor on a dark web forum has shared a combo list containing over 100,000 United States email:password pairs, marketed as ultra high quality. The content is hidden behind a reply gate or account upgrade requirement.
Date: 2026-05-19T02:08:11Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76749
Screenshots:
None
Threat Actors: dumpzeta
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of Guatemala email:password credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 10,000 email:password credential pairs associated with Guatemala. The credentials are marketed as fresh and high quality, shared via hidden content requiring a reply or account upgrade.
Date: 2026-05-19T02:07:31Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76908
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of stealer logs (1.3GB, dated May 2026)
Category: Logs
Content: A forum user is offering 1.3GB of stealer logs dated May 15, 2026, behind a reply-gate or paid upgrade wall. No specific victim organization or geographic targeting is disclosed in the visible post content.
Date: 2026-05-19T02:05:48Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76644
Screenshots:
None
Threat Actors: black_cloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of stealer logs (5,191 logs)
Category: Logs
Content: A threat actor distributed 5,191 stealer logs via a public file-sharing link on a dark web forum. The logs are described as fresh and were made available for free download. No specific victim organization or country was identified.
Date: 2026-05-19T02:04:51Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76648
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of stealer logs mix (1,700 records)
Category: Logs
Content: A threat actor operating under the alias fatetraffic has freely distributed a mixed stealer log dump dated 16-05-2026, comprising approximately 1,700 records. The logs were shared via a Pixeldrain link with a password. No specific victim organization or country was identified.
Date: 2026-05-19T02:04:00Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76679
Screenshots:
None
Threat Actors: fatetraffic
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of stealer log combo lines (ULP format)
Category: Logs
Content: A threat actor on a dark web forum is freely distributing over 7.1 million URL:Login:Password credential lines marketed as fresh, dated May 26. The content is shared as a hidden download requiring a forum reply or account upgrade to access.
Date: 2026-05-19T02:03:25Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76715
Screenshots:
None
Threat Actors: 6666666666666666
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of stealer logs (1.6GB, fresh)
Category: Logs
Content: A forum user is offering 1.6GB of stealer logs dated 16-05-2026, marketed as fresh. The content is hidden behind a reply-gate or account upgrade. No specific victim organization or country is identified.
Date: 2026-05-19T02:02:43Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76747
Screenshots:
None
Threat Actors: black_cloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Stealer Logs and ULP Combo List Shared on Dark Forum
Category: Logs
Content: A threat actor shared stealer logs and a URL:Login:Password (ULP) dataset via file hosting links on a dark web forum. The content is password-protected and marketed as fresh stealer output. No specific victim organization or record count was disclosed.
Date: 2026-05-19T02:01:59Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76748
Screenshots:
None
Threat Actors: watercloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Distribution of stealer logs (ULP format, 27 GB compressed)
Category: Logs
Content: A threat actor on a dark web forum is sharing 27.02 GB of compressed stealer logs in URL:Login:Password (ULP) format, marketed as fresh and high quality. The content is gated behind forum replies or an account upgrade.
Date: 2026-05-19T02:01:18Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76898
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged initial access to UAE Ministry of Human Resources and Emiratisation (MOHRE)
Category: Initial Access
Content: A threat actor claiming affiliation with Iran alleges to have gained unauthorized access to the UAE Ministry of Human Resources and Emiratisation (MOHRE). The post includes a session token as proof of access. The message contains politically motivated language directed at the UAE government.
Date: 2026-05-19T02:00:20Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76805
Screenshots:
None
Threat Actors: simplex29
Victim Country: United Arab Emirates
Victim Industry: Government
Victim Organization: Ministry of Human Resources and Emiratisation (MOHRE)
Victim Site: mohre.gov.ae - Alleged data breach of ANDE (Administración Nacional de Electricidad) Paraguay
Category: Data Breach
Content: A threat actor is sharing an alleged database dump from ande.gov.py, the official site of Paraguays national electricity administration. The dataset reportedly contains 50,000 records in CSV/SQL format including full names, email addresses, phone numbers, physical addresses, and customer identifiers. Sample data suggests the records originate from a customer complaint or contact form system.
Date: 2026-05-19T01:59:23Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76642
Screenshots:
None
Threat Actors: camillaDF
Victim Country: Paraguay
Victim Industry: Government
Victim Organization: ANDE – Administración Nacional de Electricidad
Victim Site: ande.gov.py - Alleged data breach of Egypts Professional Academy for Teachers
Category: Data Breach
Content: A threat actor is offering for sale data allegedly obtained from Egypts Professional Academy for Teachers, claiming to possess records on 1.2 million teachers (including 200K Azhar teachers), STEM student data, teacher images, Microsoft Access files, and MSSQL backups totaling over 80GB uncompressed. The dataset reportedly spans multiple government entities. The actor is soliciting buyers via Session messenger.
Date: 2026-05-19T01:58:42Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76683
Screenshots:
None
Threat Actors: INT3X
Victim Country: Egypt
Victim Industry: Government
Victim Organization: Professional Academy for Teachers
Victim Site: Unknown - Alleged data breach of vigedo.de
Category: Data Breach
Content: A threat actor is offering an alleged database dump from vigedo.de containing approximately 110,000 records in CSV/SQL format. The sample data includes customer IDs, MD5/bcrypt-hashed passwords, email addresses, full names, birthdates, and customer numbers. The post was shared on a dark web forum with contact details for the seller.
Date: 2026-05-19T01:58:01Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76686
Screenshots:
None
Threat Actors: camillaDF
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Vigedo
Victim Site: vigedo.de - Alleged data breach of Rocks & Gold jewelry store (Israel)
Category: Data Leak
Content: A threat actor leaked an alleged SQL database dump containing 3,500 rows of customer PII from Rocks & Gold, an Israeli boutique jewelry retailer. The exposed data reportedly includes usernames, hashed passwords, names, and email addresses. The data was shared freely on a dark web leaks forum.
Date: 2026-05-19T01:57:10Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76688
Screenshots:
None
Threat Actors: BigBrother
Victim Country: Israel
Victim Industry: Retail
Victim Organization: Rocks & Gold
Victim Site: rocksandgold.co.il - Alleged data breach of tavifa.ru
Category: Data Breach
Content: A threat actor is sharing an alleged database dump from tavifa.ru, a Russian website, containing approximately 100,000 records in CSV-SQL format. The sample data includes user IDs, usernames, email addresses, and hashed passwords with salts. The data appears to originate from a Joomla-based platform based on the schema structure.
Date: 2026-05-19T01:56:24Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76745
Screenshots:
None
Threat Actors: camillaDF
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Tavifa
Victim Site: tavifa.ru - Alleged data breach of MyVete
Category: Data Breach
Content: A threat actor is selling an alleged database dump from MyVete, a veterinary practice management software platform. The dataset purportedly contains personally identifiable information on over 5.5 million users, totaling 30 GB, with a dump date of 2026. The seller is asking $4,000 and provides contact via Session, Signal, and Telegram.
Date: 2026-05-19T01:55:27Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76751
Screenshots:
None
Threat Actors: Kazu
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: MyVete
Victim Site: myvete.com - Alleged data breach of HealthDaq Ireland
Category: Data Breach
Content: A threat actor is offering for sale 431 GB of data allegedly exfiltrated from HealthDaq, an Irish healthcare staffing software and services company. The dataset purportedly contains 457,188 files including identity documents, passports, driving licenses, professional certificates, criminal background checks, vaccine records, and other sensitive personal documents. The data is being sold for $7,000 USD with samples available via Telegram.
Date: 2026-05-19T01:54:48Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76752
Screenshots:
None
Threat Actors: Kazu
Victim Country: Ireland
Victim Industry: Healthcare
Victim Organization: HealthDaq
Victim Site: healthdaq.com - Alleged data breach of HT Médica (Health Time Spain)
Category: Data Breach
Content: A threat actor is selling an alleged database dump from HT Médica, a Spanish medical imaging and radiology diagnostic center operating across 20+ locations in Spain. The dataset purportedly contains records for approximately 2.25 million users, with a asking price of $4,000. The actor provides contact details via Session, Signal, and Telegram, and references a sample posted to a Telegram channel.
Date: 2026-05-19T01:54:00Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76753
Screenshots:
None
Threat Actors: Kazu
Victim Country: Spain
Victim Industry: Healthcare
Victim Organization: HT Médica
Victim Site: htmedica.com - Request for Cookie/Infostealer Malware on Dark Web Forum
Category: Chatter
Content: A forum user on Dread is soliciting recommendations for a cookie or infostealer malware capable of being delivered via email (mailable). No specific target or victim is identified. The post is a procurement request with no associated threat actor capability disclosed.
Date: 2026-05-19T01:53:29Z
Network: tor
Published URL: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/a297c3a03f36a8c69ad3
Screenshots:
None
Threat Actors: trigratio 🍼
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Statistics South Africa
Category: Data Breach
Content: A threat actor is selling an alleged 154 GB dataset attributed to Statistics South Africa, the countrys official national statistics agency. The dump reportedly contains 453,362 files dated 2026 and is offered for $2,000. The seller provides sample links and multiple contact channels.
Date: 2026-05-19T01:53:20Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76754
Screenshots:
None
Threat Actors: Kazu
Victim Country: South Africa
Victim Industry: Government
Victim Organization: Statistics South Africa
Victim Site: statssa.gov.za - Sale of discounted AI platform credits for PayPerQ service
Category: Services
Content: A forum seller is offering discounted balance top-ups for the PayPerQ (ppq.ai) AI platform at 50% off, providing access to 400+ AI models including OpenAI, Anthropic, and others. The service is advertised as requiring only the buyers Credit ID and no login credentials. The legitimacy of these credits and their sourcing is unverified.
Date: 2026-05-19T01:52:44Z
Network: openweb
Published URL: https://cracked.st/Thread-50-OFF-Claude-Opus-4-7-GPT-5-5-PRO-Kling3-Pro-Eleven-Labs-and-400-model
Screenshots:
None
Threat Actors: Mr3olba
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Gauteng City Region Academy (GCRA)
Category: Data Breach
Content: A threat actor operating under the alias Kazu is selling an alleged 147GB dataset from Gauteng City Region Academy (GCRA), a government-funded student bursary program in South Africa. The offering includes 429,473 files purportedly dumped in 2026, priced at $2,000. Samples are available via Telegram, and contact is provided through Session, Signal, and Telegram channels.
Date: 2026-05-19T01:52:37Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76755
Screenshots:
None
Threat Actors: Kazu
Victim Country: South Africa
Victim Industry: Education
Victim Organization: Gauteng City Region Academy (GCRA)
Victim Site: gcrabursary.gauteng.gov.za - Alleged data breach of Natclar (S.G. Natclar S.A.C.)
Category: Data Breach
Content: A threat actor is offering for sale an alleged 1.8 TB dataset attributed to Natclar, a Peruvian occupational health services company. The dataset purportedly contains 7.6 million files, 800,000 user records, and 1.7 million appointment records, with an asking price of $20,000. Given the nature of Natclars services in occupational medicine and workforce health management, the data likely includes sensitive medical and personal information.
Date: 2026-05-19T01:51:56Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76756
Screenshots:
None
Threat Actors: Kazu
Victim Country: Peru
Victim Industry: Healthcare
Victim Organization: S.G. Natclar S.A.C.
Victim Site: natclar.com.pe - Alleged data breach of Gauteng Provincial Government
Category: Data Breach
Content: A threat actor identified as Kazu is selling an alleged 3.8 TB dataset comprising 3,673,556 files purportedly exfiltrated from the Gauteng Provincial Government of South Africa. The data is reported to encompass information related to government departments, public programs, healthcare, education, housing, and economic development. The seller is asking $25,000 and provides contact via Session, Signal, and Telegram with samples hosted on Telegram.
Date: 2026-05-19T01:51:17Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76758
Screenshots:
None
Threat Actors: Kazu
Victim Country: South Africa
Victim Industry: Government
Victim Organization: Gauteng Provincial Government
Victim Site: gauteng.gov.za - Alleged data leak of Dubai Sports Council (DSC) documents
Category: Data Breach
Content: A threat actor operating under the Hexogenous Group is selling an alleged dataset from the Dubai Sports Council, a Dubai government entity. The offering includes 336 files comprising NOCs, permits, event information, certificates, licenses, invitations, approvals, and marketing materials. The dataset is being offered for sale at $500, described as negotiable.
Date: 2026-05-19T01:50:39Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76845
Screenshots:
None
Threat Actors: hexogenous
Victim Country: United Arab Emirates
Victim Industry: Government
Victim Organization: Dubai Sports Council
Victim Site: Unknown - Alleged data leak of Vimasistem financial software platform exposing multiple Ecuadorian credit cooperatives
Category: Data Leak
Content: A threat actor has freely shared approximately 35 GB of data allegedly exfiltrated from a cloud server belonging to Vimasistem, a financial software provider serving Ecuadorian savings and credit cooperatives. The leak reportedly affects at least 14 member cooperatives and includes highly sensitive personal data such as full names, national ID numbers, biometric fingerprint codes, dates of birth, addresses, phone numbers, email addresses, and account numbers from 2024 and 2025. Sample records wi
Date: 2026-05-19T01:49:58Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76846
Screenshots:
None
Threat Actors: Tost0n
Victim Country: Ecuador
Victim Industry: Finance
Victim Organization: Vimasistem
Victim Site: vimasistem.com - Alleged leak of Brazilian personal fullz including identity documents and credentials
Category: Combo List
Content: A threat actor shared Brazilian fullz data including full name, national ID (RG), CPF, date of birth, mothers name, home address, phone numbers, email addresses, old passwords, CNPJ business registration details, and copies of identity documents such as RG, CPF, CNH, bank information, and tax records. The post includes a link to document copies. The data pertains to at least one identified individual with associated business registration.
Date: 2026-05-19T01:49:38Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Brazilian-Fullz
Screenshots:
None
Threat Actors: Deuteronomy3235
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of fresh Australian payment card data
Category: Carding
Content: A threat actor is selling fresh Australian credit card data including cardholder name, card number, expiry, and CVV. Cards are priced individually on a tiered scale starting at $5 per card.
Date: 2026-05-19T01:49:01Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76649
Screenshots:
None
Threat Actors: lazarus
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of OSINT/doxxing service targeting lawyers in Baja California, Mexico
Category: Services
Content: A threat actor is selling a doxxing service for $100 USD that claims to retrieve personal information on any lawyer registered in the state of Baja California, Mexico. Data exposed includes full name, national IDs (CURP, RFC, Voter ID), date of birth, home and office addresses, phone numbers, email addresses, and personal documents. The service is advertised in a darkforum sellers section with contact via Signal.
Date: 2026-05-19T01:48:02Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76654
Screenshots:
None
Threat Actors: Thelizard001
Victim Country: Mexico
Victim Industry: Legal
Victim Organization: Unknown
Victim Site: Unknown - Sale of access to Mexican student and electoral (INE) personal data via Telegram bot
Category: Data Breach
Content: A threat actor is promoting a Telegram bot offering queries against an alleged database of students from across Mexico and the National Electoral Institute (INE), containing extensive personal data including full name, CURP, date of birth, contact details, home address, emergency contacts, medical records (blood type, disabilities, illnesses, allergies, medications), COVID-19 vaccination status, and employment information. The actor states a partial leak previously released represents approximat
Date: 2026-05-19T01:47:19Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76657
Screenshots:
None
Threat Actors: Alz_157s
Victim Country: Mexico
Victim Industry: Government
Victim Organization: National Electoral Institute (INE) / Mexican Student Database
Victim Site: ine.mx - Sale of Armenian residents personal database with 82,000 records
Category: Data Breach
Content: A threat actor is offering for sale a database purportedly containing personal information of Armenian residents, including phone numbers, first and last names, email addresses, and dates of birth. The dataset contains approximately 82,000 records and is advertised with a stated data relevance date of May 15, 2026. The seller is asking $400 and can be contacted via Telegram.
Date: 2026-05-19T01:46:42Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76675
Screenshots:
None
Threat Actors: c0mmandor
Victim Country: Armenia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of PHI and medical data from Western European healthcare sector
Category: Data Breach
Content: A threat actor is offering for sale over 500 GB of data allegedly originating from Western European healthcare organizations, including professional, citizen, and clinical data, 200+ GB of source code, 1.5 million PHI documents, and private keys enabling direct API queries to European Vaccination Card infrastructure. The seller claims the dataset spans multiple countries and is available for long or short-term arrangements. The inclusion of vaccination card private keys and PHI at this scale rep
Date: 2026-05-19T01:46:02Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76699
Screenshots:
None
Threat Actors: cutecar
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: Unknown - Sale of IRS Tax Payment Phishing Page
Category: Phishing
Content: A threat actor is selling a phishing page impersonating the IRS tax payment portal. The scam page is designed to harvest victims personal details (full name, address, SSN, DOB, phone, email) as well as full payment card details (card number, expiry, CVV2). The seller indicates the info fields can be customized upon request.
Date: 2026-05-19T01:45:21Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76701
Screenshots:
None
Threat Actors: tgov02
Victim Country: United States
Victim Industry: Government
Victim Organization: Internal Revenue Service
Victim Site: irs.gov - Alleged data breach of Serbian Ministry of Interior (MUP) Foreigners Citizen Sector
Category: Data Breach
Content: A threat actor claims to have breached the Serbian Ministry of Interior (MUP) Foreigners Office database, extracting 180,000 records dated 2024–2026. The dataset allegedly includes personal data on 150,000 foreign nationals (passport numbers, visa/SSN IDs, residency application details) and 30,000 Serbian citizens (full names and JMBG national ID numbers). The actor is offering the database for sale and has extended an extortion offer to Serbian authorities for permanent deletion of the data.
Date: 2026-05-19T01:44:38Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76703
Screenshots:
None
Threat Actors: vvvv
Victim Country: Serbia
Victim Industry: Government
Victim Organization: Serbian Ministry of Interior (MUP)
Victim Site: mup.gov.rs - Alleged data breach of Vandenborre
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset from Belgian electronics retailer Vandenborre (vandenborre.be) containing approximately 264,000 records. The dataset is structured across three sections — Contacts, Order History, and Support Tickets — and includes personal details such as names, email addresses, phone numbers, birth dates, job titles, billing and shipping addresses, payment methods, and customer satisfaction scores. The actor is soliciting buyers via Telegram and provides s
Date: 2026-05-19T01:43:52Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76721
Screenshots:
None
Threat Actors: Databroker1
Victim Country: Belgium
Victim Industry: Retail
Victim Organization: Vandenborre
Victim Site: vandenborre.be - Alleged data breach of Egypt Ministry of Tourism (Ministry of Interior affiliate)
Category: Data Breach
Content: A threat actor claims to be selling databases belonging to the Egyptian Ministry of Tourisms employee management platform, affiliated with the Ministry of Interior. The alleged dataset contains approximately 700,000 employee PII records including national numbers, educational qualifications, birth certificates, health certificates, and profile pictures, totaling 547GB. A contact session ID and hidden sample are provided for prospective buyers.
Date: 2026-05-19T01:43:10Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76727
Screenshots:
None
Threat Actors: Revesky
Victim Country: Egypt
Victim Industry: Government
Victim Organization: Ministry of Tourism Egypt (Ministry of Interior)
Victim Site: moi.gov.eg - Alleged data breach of e-Distribution (Trilix system) in Croatia
Category: Data Breach
Content: A threat actor claims to have breached the Trilix system used by e-Distribution in Croatia, allegedly extracting 300,000 records spanning 2019–2026. The dataset reportedly includes transaction data from 14,597 terminals, employee personally identifiable information (email, phone, national ID, home address), support tickets, and WebTerminal user lists. The actor is offering the database for sale and has issued a notice to Croatian authorities offering to negotiate a non-disclosure agreement.
Date: 2026-05-19T01:42:32Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76737
Screenshots:
None
Threat Actors: breachovan
Victim Country: Croatia
Victim Industry: Retail
Victim Organization: e-Distribution
Victim Site: Unknown - Sale of alleged Salesforce customer data affecting ~1 billion records across multiple organizations
Category: Data Breach
Content: A threat actor on a darknet forum is selling an alleged dataset of approximately 989.45 million to 1 billion+ records attributed to Salesforce, Inc. The data is claimed to include records from dozens of major organizations including Toyota, FedEx, Disney, UPS, Marriott, and others, with individual datasets ranging from megabytes to over a terabyte. The seller is directing interested buyers to a Telegram channel and has posted a sample link.
Date: 2026-05-19T01:41:42Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76740
Screenshots:
None
Threat Actors: HiddenHq
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Salesforce
Victim Site: salesforce.com - Sale of KYC-verified accounts and identity verification services for financial and crypto platforms
Category: Services
Content: A threat actor operating as NOIRE SERVICE is advertising a drop service offering KYC-verified accounts, identity verifications, and associated credentials for banks, crypto exchanges, payment systems, SIM cards, and other regulated platforms across multiple regions including the USA, EU, CIS, and Asia. The service claims to use real manual drops with genuine identity documents and no resellers. Custom orders using client-supplied personal data are also offered.
Date: 2026-05-19T01:41:03Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76773
Screenshots:
None
Threat Actors: NOIRE_SERVICE
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of URL-Login-Password combo lists
Category: Combo List
Content: A threat actor is sharing or selling URL-Login-Password (ULP) combo lists labeled as private dumps from May 2026. The post references two separate ULP datasets with no additional details on record count, origin, or targeted services.
Date: 2026-05-19T01:40:46Z
Network: openweb
Published URL: https://nulledbb.com/thread-ULP-URL-LOGIN-PASS-DUMP-PRIVATE-MAY-2026
Screenshots:
None
Threat Actors: Adrien668999
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of OTS International (Okinawa Tourist Service)
Category: Data Breach
Content: A threat actor is selling an alleged database dump from otsinternational.jp, the official global website of Okinawa Tourist Service, a major Japanese travel and transportation company. The dataset purportedly contains over 600,000 customer records including names, addresses, phone numbers, email addresses, dates of birth, and driver license details, along with approximately 4,371 ID card images (front and back). The seller is offering exclusive access to a single buyer for $2,400.
Date: 2026-05-19T01:40:21Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76781
Screenshots:
None
Threat Actors: sexybroker
Victim Country: Japan
Victim Industry: Travel & Transportation
Victim Organization: Okinawa Tourist Service (OTS)
Victim Site: otsinternational.jp - Digital business marketplace service advertised on dark forum
Category: Services
Content: A forum user is advertising a Telegram-based marketplace channel for buying and selling digital businesses, bots, and online projects. The service claims to offer escrow-secured ownership transfers and targets buyers and sellers of revenue-generating digital assets. No specific victim or threat activity is associated with this post.
Date: 2026-05-19T01:39:36Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76782
Screenshots:
None
Threat Actors: OnlyHit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Janfadaa
Category: Data Breach
Content: A threat actor claiming to be the 1877 Team alleges they breached the master node of Janfadaa, an Iranian platform described as voluntarily recruiting people for possible war. The actor claims approximately 31 million records were obtained and states a sample will be shared soon via Telegram.
Date: 2026-05-19T01:38:48Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76843
Screenshots:
None
Threat Actors: 1877
Victim Country: Iran
Victim Industry: Government
Victim Organization: Janfadaa
Victim Site: janfadaa.ir - Alleged data breach of PSPF Zambia Pension Fund
Category: Data Breach
Content: A threat actor is selling two databases allegedly obtained from the PSPF Zambia Pension Fund, containing a combined 10,927 unique records matched via NRC. The data includes full personal identifiers (name, DOB, NRC, SSN, email, phone, residential address, province), pension history, membership numbers, and links to scanned approval documents. The seller is asking 11,500 USDT or BTC and explicitly markets the data for loan fraud, benefit fraud, SIM swapping, and impersonation.
Date: 2026-05-19T01:38:07Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76854
Screenshots:
None
Threat Actors: tungtungsapolla
Victim Country: Zambia
Victim Industry: Finance
Victim Organization: PSPF Zambia Pension Fund
Victim Site: Unknown - Alleged data breach of topia.dk
Category: Data Breach
Content: A forum post in the Databases section references topia.dk, suggesting a potential data breach or database leak associated with the Danish domain. No further details, record counts, or data types are available from the post content.
Date: 2026-05-19T01:36:27Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-topia-dk
Screenshots:
None
Threat Actors: omni777
Victim Country: Denmark
Victim Industry: Unknown
Victim Organization: Topia
Victim Site: topia.dk - Alleged cyber attack and doxxing threat against CICPC (Venezuela) by L4TAMFUCK3RS
Category: Cyber Attack
Content: Threat actors operating under the name L4TAMFUCK3RS issued a public ultimatum to Venezuelas CICPC law enforcement agency, claiming to possess sensitive personal data on officers and their families. The post includes a sample dox of an individual identified as a CICPC cybercrime official, containing full name, national ID, email, phone numbers, and home address. The group threatens to publicly release the complete dataset, including private communications and photos, unless the agency ceases all
Date: 2026-05-19T01:35:56Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76890
Screenshots:
None
Threat Actors: Izanagi
Victim Country: Venezuela
Victim Industry: Government
Victim Organization: CICPC (Cuerpo de Investigaciones Científicas, Penales y Criminalísticas)
Victim Site: Unknown - Alleged data leak of energy-te.com customer database
Category: Data Leak
Content: A threat actor leaked an SQL database dump attributed to energy-te.com, reportedly originating from a 2023–2024 breach. The dataset contains approximately 1,200 customer order records including full names, email addresses, mobile phone numbers, company names, and order financial details. The data was shared freely on a dark web forum with the leaker described as unknown.
Date: 2026-05-19T01:35:29Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-energy-te-com
Screenshots:
None
Threat Actors: omni777
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: energy-te.com
Victim Site: energy-te.com - Sale of Shopping, Target, and Yahoo combo list with 1.76 million lines
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1.76 million email:password lines marketed as fresh, referencing Shopping, Target, and Yahoo credentials. Based on forum context, this appears to be a credential stuffing list intended for use against consumer accounts. No specific breach victim is identified.
Date: 2026-05-19T01:34:47Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-761-550-Lines-%E2%9C%85-Shopping-Target-Yahoo-Combolist-Fresh-Leaks
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of 17,000 UK Gmail credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 17,000 Gmail email:password pairs attributed to United Kingdom users. The credentials are marketed as ultra high quality and were distributed via the forum. Gmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-19T01:34:30Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-17-000-GMAIL-UNITED-KINGDOM-MAIL-PASSWORD-DATA-ULTRA-HIGH-QUALITY
Screenshots:
None
Threat Actors: ImLupin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of inventra.online
Category: Data Leak
Content: A threat actor has freely shared an SQL database dump allegedly belonging to inventra.online, containing approximately 10,000 customer and supplier records. The dataset includes names, phone numbers, and address fields, with the leaker noting no email addresses are present. The leak is attributed to an unknown actor and reportedly dates to 2023–2024.
Date: 2026-05-19T01:34:18Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-inventra-online
Screenshots:
None
Threat Actors: omni777
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Inventra
Victim Site: inventra.online - Sale of Azure Checker Pro 2026 credential stuffing tool
Category: Combo List
Content: A forum user is advertising the sale of a tool called Azure Checker Pro 2026, described as a credential-checking or account-verification tool targeting Azure services. The post is a bump to an existing sales thread with no additional technical details provided.
Date: 2026-05-19T01:34:13Z
Network: openweb
Published URL: https://cracked.st/Thread-RE-SELL-AZURE-CHECKER-PRO-2026
Screenshots:
None
Threat Actors: pkha0202
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of UHQ fullz (full personal information packages)
Category: Carding
Content: A threat actor operating under the alias Necrophil is advertising a fullz (full personal information packages) selling service on a cybercrime forum. The seller claims to offer ultra-high quality (UHQ) fullz at cheap prices and references over 2,000 vouches as credibility. Contact is directed to Telegram channels and a personal account.
Date: 2026-05-19T01:33:34Z
Network: openweb
Published URL: https://cracked.st/Thread-ZxZ-UHQ-Fullz-Services
Screenshots:
None
Threat Actors: Necrophil
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of myhomemadeporn.com
Category: Data Breach
Content: A threat actor shared an alleged SQL database dump from myhomemadeporn.com containing approximately 38,000 customer records. The leaked data includes usernames, hashed passwords, email addresses, IP addresses, country IDs, profile details, and account activity metadata. The leak is attributed to an unknown actor and is believed to have occurred sometime in 2023–2024.
Date: 2026-05-19T01:33:17Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-myhomemadeporn-com
Screenshots:
None
Threat Actors: omni777
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: myhomemadeporn.com
Victim Site: myhomemadeporn.com - Alleged data leak of Politeknik Negeri Semarang (poltekssn.ac.id) by Brotherhood Capung Indonesia
Category: Data Leak
Content: Brotherhood Capung Indonesia (BCI) threat actor claims to have leaked data from Politeknik Negeri Semarang (poltekssn.ac.id), an Indonesian state polytechnic institution. The leak was announced via forwarded message in Rakyat Digital Crew channel with hashtags #LEAK and #BROTHEROODCAPUNGINDONESIA.
Date: 2026-05-19T01:32:47Z
Network: telegram
Published URL: https://t.me/brotheroodbci/217
Screenshots:
None
Threat Actors: Brotherhood Capung Indonesia
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Politeknik Negeri Semarang
Victim Site: poltekssn.ac.id - Alleged data leak of sexyhomewife.com
Category: Data Leak
Content: A threat actor has freely shared an SQL database dump allegedly sourced from sexyhomewife.com, an adult content subscription site, with the leak dated to approximately 2023-2024. The dump contains approximately 5,000 customer records including names, email addresses, usernames, passwords, physical addresses, IP addresses, and payment subscription details processed via CCBill.
Date: 2026-05-19T01:32:26Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-sexyhomewife-com
Screenshots:
None
Threat Actors: omni777
Victim Country: Unknown
Victim Industry: Adult Entertainment
Victim Organization: Sexy Home Wife
Victim Site: sexyhomewife.com - Alleged data leak of VitalHub Colombia
Category: Data Leak
Content: A threat actor leaked an SQL database allegedly belonging to vitalhubcolombia.com, containing approximately 4,000 customer records. The dump includes personally identifiable information such as full names, identification numbers, dates of birth, gender, addresses, phone numbers, email addresses, blood type, marital status, and occupation. The leak is attributed to an unknown actor and is associated with a 2023–2024 timeframe.
Date: 2026-05-19T01:31:31Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-vitalhubcolombia-com
Screenshots:
None
Threat Actors: omni777
Victim Country: Colombia
Victim Industry: Healthcare
Victim Organization: VitalHub Colombia
Victim Site: vitalhubcolombia.com - Alleged data leak of blueservices-mexico.com
Category: Data Leak
Content: A threat actor leaked an alleged SQL database dump from blueservices-mexico.com, a Mexican automotive services platform, containing approximately 2.2 million customer records. The exposed data includes full names, email addresses, tax IDs (RFC), VINs, license plate numbers, service records, and transaction pricing. The leak is attributed to an unknown actor and is believed to originate from a 2023–2024 breach.
Date: 2026-05-19T01:30:43Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-blueservices-mexico-com
Screenshots:
None
Threat Actors: omni777
Victim Country: Mexico
Victim Industry: Automotive
Victim Organization: Blue Services Mexico
Victim Site: blueservices-mexico.com - Alleged data breach of Movistar Venezuela
Category: Data Breach
Content: A threat actor claims to have breached Movistar Venezuela, obtaining 4.15 million customer records. The dataset allegedly includes full names, national ID numbers, account numbers, billing account numbers, geographic area, lifecycle status, payment method, product line, and subscriber IDs. A proof-of-concept sample of 5,000 rows was shared in the post.
Date: 2026-05-19T01:29:27Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76647
Screenshots:
None
Threat Actors: GordonFreeman
Victim Country: Venezuela
Victim Industry: Telecommunications
Victim Organization: Movistar Venezuela
Victim Site: movistar.com.ve - Alleged data breach of ReferralRock referral marketing platform
Category: Data Breach
Content: A threat actor claims to have obtained the full internal database of ReferralRock, a US-based referral marketing platform, following an alleged intrusion in May 2026. The leaked dataset reportedly spans 1,947 CSV files totaling 5GB and over 11 million records, containing personal information such as full names, email addresses, phone numbers, physical addresses, and referral program metadata. Sample data includes identifiable individuals linked to third-party referral programs.
Date: 2026-05-19T01:27:17Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76656
Screenshots:
None
Threat Actors: zSenior
Victim Country: United States
Victim Industry: Technology
Victim Organization: ReferralRock
Victim Site: referralrock.com - Alleged data leak of Argentina BCRA, IOMA, and PFA records by EsqueleSquad
Category: Data Leak
Content: Threat actor group EsqueleSquad claims to have leaked data from multiple Argentine government entities, including over 32 million credit scores from BCRA, over 1 million IOMA health insurance affiliate and patient records, and 903 classified PDF documents from PFA. The data is being distributed for free via a Telegram channel, with partial samples posted to the forum. The post also claims to include personal information on Buenos Aires Governor Axel Kicillof.
Date: 2026-05-19T01:22:44Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76658
Screenshots:
None
Threat Actors: Skull1172
Victim Country: Argentina
Victim Industry: Government
Victim Organization: BCRA, IOMA, PFA
Victim Site: Unknown - Alleged data breach of Swan Bitcoin
Category: Data Breach
Content: A threat actor is sharing an alleged database dump from Swan Bitcoin containing 235,000+ records. The dataset includes email addresses, names, phone numbers, physical addresses, birthdates, KYC status fields, transaction-related data, and account metadata. The data appears to originate from a CRM or marketing platform and is being made available behind a reply-gate on a dark web forum.
Date: 2026-05-19T01:18:12Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76662
Screenshots:
None
Threat Actors: david20
Victim Country: United States
Victim Industry: Finance
Victim Organization: Swan Bitcoin
Victim Site: swanbitcoin.com - Alleged Data Leak of FTX Claimants Data from Kroll Breach
Category: Data Leak
Content: A threat actor has leaked approximately 198,000 records of FTX claimants, attributed to the 2023 Kroll data breach. The dataset includes applicant names, email addresses, phone numbers, country of residence, AML review status, account balance tags, and trading behavior flags. Sample records indicate the data originates from FTX and Blockfolio-FTXUS KYC/AML review processes.
Date: 2026-05-19T01:13:31Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76663
Screenshots:
None
Threat Actors: david20
Victim Country: United States
Victim Industry: Finance
Victim Organization: Kroll
Victim Site: kroll.com - Alleged data leak of business.adobe.com with associated marketing platform databases
Category: Data Leak
Content: A threat actor operating as MDGhost666 claims to be leaking an 832.87GB dataset attributed to business.adobe.com, purportedly covering 2025–2026. The post also references associated databases from marketing platforms including SendGrid (1,264,800 lines), HubSpot (1,522,250 lines), MailGun (1,424,900 lines), and MailJet, with the data appearing to cover enterprise customer and marketing-related records.
Date: 2026-05-19T01:08:38Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76666
Screenshots:
None
Threat Actors: MDGhost666
Victim Country: United States
Victim Industry: Enterprise Software
Victim Organization: Adobe
Victim Site: business.adobe.com - Request for large-quantity fresh B2B email database
Category: Alert
Content: A forum user is requesting a large quantity of fresh B2B email databases. No specific victim organization or dataset is identified. This appears to be a procurement request rather than an active sale or leak.
Date: 2026-05-19T01:04:06Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76694
Screenshots:
None
Threat Actors: greena001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged illegal hacking services offering unauthorized access to Telegram, mobile devices, iCloud, email, and social media accounts
Category: Cyber Attack
Content: User @sureciphern advertises illegal hacking and unauthorized access services including Telegram account hacks, mobile phone hacks, website hacks, iCloud account hacks, IP camera hacks, Snapchat hacks, email hacks, stolen funds recovery, and social media account rental/hacking for Reddit and LinkedIn. Contact solicitation via Telegram.
Date: 2026-05-19T01:03:49Z
Network: telegram
Published URL: https://t.me/c/2613583520/84574
Screenshots:
None
Threat Actors: sureciphern
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Belambra.fr — 402K records including reservations and user data
Category: Data Leak
Content: A threat actor known as ChimeraZ claims to have leaked a database belonging to Belambra.fr, a French holiday village and leisure club network. The leaked data reportedly includes approximately 402,000 records across reservation details, user account credentials (including bcrypt-hashed passwords), personal information (names, emails), and childrens data. The database is being freely distributed across multiple file-sharing platforms in JSON format.
Date: 2026-05-19T00:59:29Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76724
Screenshots:
None
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Hospitality
Victim Organization: Belambra
Victim Site: belambra.fr - Alleged data breach of YellowSlate India school search engine
Category: Data Breach
Content: A threat actor claims to have obtained the full database of YellowSlate, Indias school search engine, allegedly compromised in May 2026. The dataset spans 11,375 CSV files totaling 7.2GB and reportedly includes personal data such as names, email addresses, phone numbers, school enrollment leads, and advertising attribution metadata. The post includes a sample with identifiable parent and student information linked to specific schools in Bengaluru.
Date: 2026-05-19T00:55:01Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76791
Screenshots:
None
Threat Actors: zSenior
Victim Country: India
Victim Industry: Education
Victim Organization: YellowSlate
Victim Site: yellowslate.com - Alleged free OSINT data supply distribution
Category: Data Leak
Content: A forum user is offering a free download advertised as an OSINT supply with no sample provided. No specific victim organization, data type, or record count is disclosed. Content is hidden behind a reply gate.
Date: 2026-05-19T00:50:31Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76807
Screenshots:
None
Threat Actors: roulettegun
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Bulk SMS platform inquiry for marketing campaigns
Category: Alert
Content: A forum user is requesting recommendations for bulk SMS delivery software to send campaigns to over 8,500 contacts across Canada. The post does not contain explicit threat content but was submitted on a cracking forum. No specific victim or malicious activity is described.
Date: 2026-05-19T00:49:34Z
Network: openweb
Published URL: https://crackingx.com/threads/75722/
Screenshots:
None
Threat Actors: Robertsly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Careficient EMR software exposing patient and staff records
Category: Data Breach
Content: A threat actor is offering an alleged database dump from Careficient, an EMR software provider for Home Health, Hospice, and Home Care management. The dataset reportedly includes 163,644 patient records containing SSNs, dates of birth, medical record numbers, and PII, as well as 1,218 staff records with hashed passwords and salts. The data is being made available via a hidden download gated behind forum account activity or upgrade.
Date: 2026-05-19T00:45:51Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76808
Screenshots:
None
Threat Actors: attacker_company
Victim Country: United States
Victim Industry: Healthcare
Victim Organization: Careficient
Victim Site: careficient.com - Alleged data leak of profcyma.com student admission records
Category: Data Leak
Content: A threat actor leaked approximately 5,000 records allegedly obtained from profcyma.com, an Indian education consultancy platform. The dataset includes student names, email addresses, phone numbers, city, state, university enrollment details, program specializations, course fees, amounts received, and payment dates. The data appears to relate to student admissions processed through multiple education consultancy partners.
Date: 2026-05-19T00:41:12Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76832
Screenshots:
None
Threat Actors: FOSGANK
Victim Country: India
Victim Industry: Education
Victim Organization: Profcyma
Victim Site: profcyma.com - Alleged data leak of Gites de France (gites-de-france.com)
Category: Data Leak
Content: A threat actor known as ChimeraZ claims to have leaked a database belonging to gites-de-france.com, a French holiday rental network. The leaked data reportedly includes 389,129 customer records in JSON format (470 MB), containing full names, email addresses, phone numbers, physical addresses, booking details, and stay pricing. An additional file of approximately 69,838 site logs and support tickets is also included in the release.
Date: 2026-05-19T00:36:33Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76849
Screenshots:
None
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Hospitality
Victim Organization: Gites de France
Victim Site: gites-de-france.com - Website Defacement of wawschulz.de by 0xSHALL of FOURSDEATH TEAM
Category: Defacement
Content: On May 19, 2026, threat actor 0xSHALL operating under the group FOURSDEATH TEAM defaced a page on the German website wawschulz.de. The attack targeted a specific subpage (zxc.html) rather than the homepage, indicating a targeted page-level defacement. No specific motivation or server details were disclosed in connection with this incident.
Date: 2026-05-19T00:33:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924752
Screenshots:
None
Threat Actors: 0xSHALL, FOURSDEATH TEAM
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: WAW Schulz
Victim Site: wawschulz.de - Alleged data breach of Perfilan.com — Mexican real estate CRM database
Category: Data Breach
Content: A threat actor alleges that Perfilan, a Mexican real estate sector service provider, suffered a cyber intrusion in May 2026 resulting in the full compromise of its customer database. The leaked dataset consists of 83 CSV files totaling over 3.7 million records and 924 MB, containing customer names, phone numbers, email addresses, project names, lead stage notes, call history, and assigned owner details. Sample records are provided as evidence.
Date: 2026-05-19T00:31:52Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=76875
Screenshots:
None
Threat Actors: zSenior
Victim Country: Mexico
Victim Industry: Real Estate
Victim Organization: Perfilan
Victim Site: perfilan.com - Sale of 70 credit card fullz including PAN, CVV, and personal details
Category: Carding
Content: A threat actor is offering a database of 70 credit card fullz for sale, including PAN, CVV, cardholder name, address, and country. The data is marketed as fresh as of May 2026. No specific victim organization or breach source is identified.
Date: 2026-05-19T00:31:33Z
Network: openweb
Published URL: https://nulledbb.com/thread-DATABASE-70-CC-FULLZ-%E2%80%94-PAN-CVV-NAME-ADDRESS-COUNTRY-%E2%80%94-FRESH-MAY-2026
Screenshots:
None
Threat Actors: adnanzzzz3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting mixed-country gaming services
Category: Combo List
Content: A combo list of approximately 1 million email and password pairs is being shared, targeting gaming services across multiple countries. The list is marketed as suitable for credential stuffing against gaming platforms.
Date: 2026-05-19T00:23:49Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-041-909-Mixed-Country-Gaming-Target
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Unknown
Victim Site: Unknown - Free combo list targeting Reddit with 691K credentials
Category: Combo List
Content: A combo list of approximately 691,000 email:password pairs is being distributed, marketed as high quality and targeting Reddit accounts. The list is attributed to a user named Nuttela and shared freely on the forum.
Date: 2026-05-19T00:23:09Z
Network: openweb
Published URL: https://altenens.is/threads/691k-high-quality-mail-pass-combo-reddit-by-nuttela.2942491/unread
Screenshots:
None
Threat Actors: Prince1001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list of 990K mail:pass credentials
Category: Combo List
Content: A combo list containing approximately 990,000 mail:pass credential pairs was shared on a forum by user Prince1001. The post advertises the list as fresh and ready for use. No specific breach source or victim organization is identified.
Date: 2026-05-19T00:22:46Z
Network: openweb
Published URL: https://altenens.is/threads/star990kstar-mail-pass-it-fasthigh-voltageby-nuttelahigh-voltage.2942495/unread
Screenshots:
None
Threat Actors: Prince1001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 900K email:password combo list targeting Roblox, 8 Ball, and Uplay
Category: Combo List
Content: A forum user is distributing a combo list containing approximately 900,000 email:password pairs purportedly suitable for credential stuffing against Roblox, 8 Ball Pool, and Uplay. The content is gated behind a reply requirement. The named services are credential-stuffing targets, not the source of the breach.
Date: 2026-05-19T00:22:22Z
Network: openweb
Published URL: https://altenens.is/threads/star900kstar-lines-high-quality-mail-pass-combo-roblox-8-ball-uplay-high-voltageby-nuttelahigh-voltage.2942494/unread
Screenshots:
None
Threat Actors: Prince1001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Roblox combo list with 299K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 299,000 email:password pairs marketed for use against Roblox accounts. The content is gated behind a reply requirement on the forum.
Date: 2026-05-19T00:20:15Z
Network: openweb
Published URL: https://altenens.is/threads/star299kstar-mail-pass-roblox-combolist-high-voltageby-nuttelahigh-voltage.2942490/unread
Screenshots:
None
Threat Actors: Prince1001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Hotmail combo list with 6.6K credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 6,600 Hotmail credentials, marketed as valid and high quality. The content is gated behind forum replies or a paid account upgrade. The post is dated 19 May and contact is provided via Telegram.
Date: 2026-05-19T00:18:54Z
Network: openweb
Published URL: https://darkforums.su/Thread-6-6K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-19-05
Screenshots:
None
Threat Actors: RedCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free combo list of 800K email:password credentials for X, Discord, and other services
Category: Combo List
Content: A forum user shared a combo list of approximately 800,000 email:password pairs, advertised as usable for credential stuffing against X (Twitter), Discord, and other services. The content is gated behind a reply requirement. No specific breached organization is identified.
Date: 2026-05-19T00:18:43Z
Network: openweb
Published URL: https://altenens.is/threads/star800kstar-mail-pass-x-discord-etc-high-voltageby-nuttelahigh-voltage.2942493/unread
Screenshots:
None
Threat Actors: Prince1001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Mein Wellness Moment by 0xSHALL (FOURSDEATH TEAM)
Category: Defacement
Content: On May 19, 2026, the German wellness website meinwellnessmoment.de was defaced by threat actor 0xSHALL operating under the group FOURSDEATH TEAM. The attacker targeted a specific page (zxc.html) rather than the sites homepage, indicating a partial or targeted defacement. No motive or additional technical details were disclosed.
Date: 2026-05-19T00:15:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/924751
Screenshots:
None
Threat Actors: 0xSHALL, FOURSDEATH TEAM
Victim Country: Germany
Victim Industry: Health & Wellness
Victim Organization: Mein Wellness Moment
Victim Site: meinwellnessmoment.de - Sale of Hotmail combo list with 6.6K valid credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 6,600 Hotmail credentials, marketed as valid and UHQ. The content is gated behind forum registration and promoted via Telegram channel.
Date: 2026-05-19T00:14:51Z
Network: openweb
Published URL: https://demonforums.net/Thread-6-6K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-19-05
Screenshots:
None
Threat Actors: RedCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Israeli voter registration database
Category: Data Leak
Content: A threat actor claims to be distributing a database containing personal data of approximately 7.2 million Israeli voters free of charge. The post indicates the data relates to Israeli elections and is being made available without payment. No sample data was visible in the post.
Date: 2026-05-19T00:11:13Z
Network: openweb
Published URL: https://breached.st/threads/israeli-voters-in-israel-elections-7-2-milliond.87355/unread
Screenshots:
None
Threat Actors: BabayoErorSystem
Victim Country: Israel
Victim Industry: Government
Victim Organization: Israeli Electoral Authority
Victim Site: Unknown - Alleged illegal hacking services advertisement by CIPHERN
Category: Cyber Attack
Content: User @sureciphern advertising illegal hacking and account compromise services including Telegram hacks, mobile phone hacks, website hacks, iCloud hacks, email hacks, Snapchat hacks, LinkedIn account rental/hacks, Reddit account rental/hacks, and stolen funds recovery. Services are being actively promoted in marketplace channel.
Date: 2026-05-19T00:06:12Z
Network: telegram
Published URL: https://t.me/c/2613583520/84550
Screenshots:
None
Threat Actors: CIPHERN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged stolen credit card marketplace Boss Shop with daily fresh card inventory
Category: Combo List
Content: Boss Shop operates as a marketplace selling stolen/fraudulent credit cards with 100K+ daily updates. Cards are validated through authentication and priced from $0.01. The operation includes a web storefront, Tor mirror, and Telegram channel. They offer daily free giveaways of 10K cards and claim compensation guarantees. The marketplace also advertises integration with credential checking tools (Silverbullet, Openbullet 2) and captcha bypass capabilities across multiple platforms (hCaptcha, Cloudflare, reCAPTCHA v2/v3, etc.).
Date: 2026-05-19T00:02:07Z
Network: telegram
Published URL: https://t.me/c/2613583520/84540
Screenshots:
None
Threat Actors: Boss Shop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown