Detected Incidents Draft Data – 2026-05-29 (run date)
- Alleged USDT Money Laundering and Cryptocurrency Fraud Scheme
Category: Cyber Attack
Content: Multiple coordinated posts advertising USDT purchasing services with commission offers (10-25%). Users claim to be from China with cryptocurrency purchase restrictions and offer commissions to facilitate USDT transactions. Pattern suggests organized money laundering or advance-fee fraud scheme targeting cryptocurrency traders.
Date: 2026-05-29T04:53:32Z
Network: telegram
Published URL: https://t.me/c/2613583520/92101
Screenshots:
1 screenshot(s) available
Threat Actors: Unknown coordinated fraud ring
Victim Country: Unknown
Victim Industry: Financial/Cryptocurrency
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of Musson by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a media/customer directory page on the Musson website (www.musson.com). The incident was a targeted single-page defacement rather than a mass or home page compromise. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-05-29T04:16:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929409
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Retail / Distribution
Victim Organization: Musson
Victim Site: www.musson.com - Website Redefacement of iDropan Shop by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The e-commerce website idropanshop.com was redefaced by threat actor azraelzer0d4y, operating under the group b1ohaz4rd, on May 29, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised and defaced by the same or another actor. The defacement was limited to a specific media directory path rather than the sites homepage, suggesting targeted exploitation of an upload or media handling vulnerability.
Date: 2026-05-29T04:15:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929411
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Retail / E-Commerce
Victim Organization: iDropan Shop
Victim Site: www.idropanshop.com - Website Redefacement of Beads Venue by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The Australian online retail website Beads Venue (beadsvenue.com.au) was defaced by threat actor azraelzer0d4y, operating under the group b1ohaz4rd. This incident is a redefacement, indicating the site had been previously compromised by the same or related actor. The attack targeted a subdirectory of the site rather than the homepage.
Date: 2026-05-29T04:13:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929412
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Australia
Victim Industry: Retail / E-commerce
Victim Organization: Beads Venue
Victim Site: www.beadsvenue.com.au - Website Defacement of Nha Sach Quang Loi by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced a subdirectory of nhasachquangloi.vn, a Vietnamese bookstore website. The attack was a targeted, non-mass defacement affecting a specific page rather than the homepage. No team affiliation, stated motive, or technical details about the server environment were disclosed.
Date: 2026-05-29T04:12:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929410
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Vietnam
Victim Industry: Retail / Bookstore
Victim Organization: Nha Sach Quang Loi
Victim Site: nhasachquangloi.vn - Alleged data leak of 490K citizen records from Ambato, Ecuador with webshell access for sale
Category: Data Leak
Content: Threat actor VandalsGroup has freely released a dataset allegedly containing 490,000 citizen records of the entire population of Ambato, Ecuador, including national identification numbers, dates of birth, and full names. The actor also claims to be selling webshell access with full intranet access to two government servers at ambato.gob.ec and tungurahua.gob.ec. Sample records are provided as proof of claim.
Date: 2026-05-29T04:03:31Z
Network: openweb
Published URL: https://breached.su/threads/ecuador-490k-records-of-all-citizens-of-ambato-ecuador-webshell.87695/unread
Screenshots:
8 screenshot(s) available
Threat Actors: VandalsGroup
Victim Country: Ecuador
Victim Industry: Government
Victim Organization: Municipality of Ambato / Tungurahua Provincial Government
Victim Site: ambato.gob.ec - Website Defacement of Kunst-Koeder.de by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced a media/customer-facing subdirectory of kunst-koeder.de, a German arts and fishing supplies retail website. The incident was a targeted single-site defacement with no known team affiliation, mass campaign, or prior redefacement history. Technical details such as server software and IP address were not disclosed in available reporting.
Date: 2026-05-29T04:00:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929363
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail / E-Commerce (Arts & Crafts / Fishing Supplies)
Victim Organization: Kunst-Koeder
Victim Site: kunst-koeder.de - Website Redefacement of Herbal Snu by Threat Actor DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a redefacement attack against www.herbalsnu.com, targeting a subdirectory within the sites media path. This incident marks at least a second successful defacement of the same target, suggesting persistent access or recurring vulnerability exploitation. The attacker operated without affiliation to a known team.
Date: 2026-05-29T03:57:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929358
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Health & Wellness
Victim Organization: Herbal Snu
Victim Site: www.herbalsnu.com - Website defacement of Inforshop by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: On May 29, 2026, the Brazilian e-commerce or technology retail website inforshop.com.br was defaced by threat actor azraelzer0d4y, a member of the hacking group b1ohaz4rd. The defacement targeted a subdirectory path within the sites media folder and was not classified as a mass or home page defacement. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-05-29T03:51:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929165
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Brazil
Victim Industry: Retail / E-commerce
Victim Organization: Inforshop
Victim Site: inforshop.com.br - Website Defacement of Panborrachas by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: The Brazilian rubber products company Panborrachas had a page on its website defaced by threat actor azraelzer0d4y, operating under the group b1ohaz4rd, on May 29, 2026. The defacement targeted a subdirectory within the sites media path rather than the homepage, indicating a targeted file-level compromise. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-05-29T03:49:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929163
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Brazil
Victim Industry: Retail / Manufacturing (Rubber Products)
Victim Organization: Panborrachas
Victim Site: panborrachas.com.br - Alleged data breach of Algerias Ministry of Tourism and Handicrafts (mta.gov.dz)
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from mta.gov.dz, the Algerian Ministry of Tourism and Handicrafts, containing approximately 728,000 records. The dataset is structured across three sections: customer contacts, ticket support requests, and service booking history, including personally identifiable information such as names, emails, phone numbers, addresses, and payment details. Sample files are shared via external file-hosting links.
Date: 2026-05-29T03:43:26Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78223
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Algeria
Victim Industry: Government
Victim Organization: Ministry of Tourism and Handicrafts Algeria
Victim Site: mta.gov.dz - Alleged data breach of MercadoPago Argentina with customer and financial records
Category: Data Breach
Content: A threat actor is selling an alleged dataset attributed to MercadoPago Argentina, priced at $1,100, comprising approximately 425,000 records across three sections: Customer Contacts (including PII, password hashes, and CRM data), Payment Accounts (including national IDs, KYC status, account balances, and fraud flags), and Transaction History (including billing addresses, transaction amounts, IP addresses, and chargeback data). Sample download links were provided via Gofile to substantiate the cl…
Date: 2026-05-29T03:41:53Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78224
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Argentina
Victim Industry: Finance
Victim Organization: MercadoPago
Victim Site: mercadopago.com.ar - Alleged data breach of Argentinas Poder Judicial de la Nación (PJN)
Category: Data Breach
Content: A threat actor is offering a dataset purportedly sourced from Argentinas Poder Judicial de la Nación (pjn.gov.ar), containing approximately 563,000 records across three categories: contact records (including national IDs, personal emails, phone numbers, home addresses, and date of birth), legal case client data (including social security numbers, case details, and court information), and legal support tickets. The data includes highly sensitive personally identifiable information tied to indivi
Date: 2026-05-29T03:40:06Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78227
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Poder Judicial de la Nación
Victim Site: pjn.gov.ar - Alleged data breach of Argentina Ministry of Justice (jus.gob.ar)
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from jus.gob.ar, the Argentine Ministry of Justice, containing approximately 684,000 records. The dataset is structured across three sections — Contact, Legal Case Application, and Customer Interaction Log — and includes national IDs, full names, email addresses, home addresses, phone numbers, dates of birth, legal case details, and interaction logs. The data is described as fresh and organized, and a sample download link is provided.
Date: 2026-05-29T03:38:27Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78228
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Argentine Ministry of Justice
Victim Site: jus.gob.ar - Website Defacement of Modenweb by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a media/customer directory page on modenweb.com. The attack targeted a subdirectory of the site rather than the homepage, suggesting a targeted path-level defacement. Technical details regarding the server environment and attack vector were not disclosed.
Date: 2026-05-29T03:37:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928863
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: E-commerce / Retail
Victim Organization: Modenweb
Victim Site: modenweb.com - Alleged data breach of Golf Victoria
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Golf Victoria comprising approximately 418,000 records across three sections: Contacts, Memberships, and Tournament Registrations. The data reportedly includes personal contact details (name, email, phone, address, date of birth), membership history and payment status, and tournament participation records. The dataset is offered for $900 via a darknet forum.
Date: 2026-05-29T03:36:50Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78232
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Australia
Victim Industry: Sports & Recreation
Victim Organization: Golf Victoria
Victim Site: golfvictoria.org.au - Website defacement of konouzeg.com by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a media or customer-related page on konouzeg.com. The attack was a targeted single-page defacement rather than a mass or home page defacement. Technical details such as server software and IP address were not disclosed in the available reporting.
Date: 2026-05-29T03:36:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928862
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Konouzeg
Victim Site: konouzeg.com - Alleged data breach of Bangladesh Overseas Employment and Services Limited (BOESL)
Category: Data Breach
Content: A threat actor is selling an alleged dataset from boesl.gov.bd, the Bangladesh Overseas Employment and Services Limited, for $1,100. The dataset purportedly contains approximately 742,000 records across three sections — Contacts, Job Applications, and Visa Processing Records — including full names, dates of birth, passport numbers, BMET registration numbers, biometric verification status, and contact details. The data is described as relating to labor export registration applicants.
Date: 2026-05-29T03:35:02Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78233
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Bangladesh
Victim Industry: Government
Victim Organization: Bangladesh Overseas Employment and Services Limited
Victim Site: boesl.gov.bd - Website Defacement of smastory.com by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The website smastory.com was defaced by threat actor azraelzer0d4y, operating under the team b1ohaz4rd, on May 29, 2026. The attack targeted a subdirectory path associated with customer advertising content. The incident was a single targeted defacement, not classified as a mass or home page defacement.
Date: 2026-05-29T03:34:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928860
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Media/Advertising
Victim Organization: SMA Story
Victim Site: smastory.com - Alleged data breach of Higher Education Commission of Pakistan exposing 1.5 million citizens PII
Category: Data Breach
Content: A threat actor known as FlipperOne is selling a dataset allegedly obtained from the Higher Education Commission (HEC) of Pakistan, claiming to contain sensitive PII of 1.5 million Pakistani citizens. The data purportedly includes full names, CNIC (national identity card numbers), father names, email addresses, mobile numbers, dates of birth, religion, blood group, and postal addresses. The listing is priced at $3,499 in Monero and is advertised as an exclusive single-buyer sale.
Date: 2026-05-29T03:34:15Z
Network: openweb
Published URL: https://breached.su/threads/pakistan-1-5-million-citizens-sensitive-pii-breached-2026.87693/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Flipperone
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: Higher Education Commission (HEC) of Pakistan
Victim Site: hec.gov.pk - Alleged data breach of Swiss Medical Group exposing patient and health plan records
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from swissmedical.com.ar, an Argentine private health insurance provider, for $1,300. The dataset reportedly contains approximately 458,000 records spanning three sections: patient contact information (names, emails, addresses, birthdates, login credentials), health plan details (policy numbers, tax IDs, member passwords, coverage and billing data), and appointment records (doctor notes, patient notes, visit outcomes, billing codes). Sampl…
Date: 2026-05-29T03:33:43Z
Network: openweb
Published URL: https://breached.su/threads/458k-argentina-https-www-swissmedical-com-ar-patient-and-contact-records-including-personal-and-account-details.87694/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: Argentina
Victim Industry: Healthcare
Victim Organization: Swiss Medical Group
Victim Site: swissmedical.com.ar - Website Defacement of AMC Intermarket by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced the website of AMC Intermarket at amcintermarket.com. The incident was a targeted single-site defacement, not part of a mass or repeated campaign. The defacement was archived and mirrored via zone-xsec.com with mirror ID 928867.
Date: 2026-05-29T03:33:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928867
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Finance / Trading
Victim Organization: AMC Intermarket
Victim Site: amcintermarket.com - Mass Website Defacement of Indonesian Islamic School by Adam Novice / Black Elerone Team
Category: Defacement
Content: On May 29, 2026, a threat actor identified as Adam Novice operating under the Black Elerone Team conducted a mass defacement attack targeting manbaul-ulum.sch.id, an Indonesian Islamic educational institution. The attack targeted the schools news page running on a Linux-based server. A mirror of the defacement was archived at haxor.id, confirming this incident was part of a broader mass defacement campaign.
Date: 2026-05-29T03:27:05Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249679
Screenshots:
1 screenshot(s) available
Threat Actors: Adam Novice, black elerone team
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Manbaul Ulum Islamic School
Victim Site: manbaul-ulum.sch.id - Mass Defacement of Indonesian Business Site by Adam Novice of Black Elerone Team
Category: Defacement
Content: The threat actor Adam Novice, affiliated with Black Elerone Team, conducted a mass defacement targeting evandriaprimajasindo.co.id, an Indonesian business services website. The attack targeted the /berita (news) subdirectory on a Linux-based server and is classified as both a mass and re-defacement, indicating the site had been previously compromised. The incident was archived on May 29, 2026, with a mirror preserved at haxor.id.
Date: 2026-05-29T03:21:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249678
Screenshots:
1 screenshot(s) available
Threat Actors: Adam Novice, black elerone team
Victim Country: Indonesia
Victim Industry: Business Services
Victim Organization: Evandria Prima Jasindo
Victim Site: evandriaprimajasindo.co.id - Alleged data leak of cdmx.gob.mx (Mexico City Government)
Category: Data Leak
Content: A threat actor operating under the alias krypto/V01 | Exiliados has freely distributed an alleged database dump from the Mexico City Government portal (cdmx.gob.mx). The dataset reportedly contains approximately 1 million records including national ID numbers (CVE/CURP), full names, dates of birth, sex, addresses, and electoral credential data. The data has been made available via a public file-sharing link.
Date: 2026-05-29T03:02:00Z
Network: openweb
Published URL: https://breached.su/threads/dataleak-of-www-cdmx-gob-mx.87692/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Black0ut_Exi
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Mexico City Government (CDMX)
Victim Site: cdmx.gob.mx - Alleged data leak of Amepi.fr (Amanda) French real estate platform
Category: Data Leak
Content: A threat actor known as ChimeraZ claims to have leaked a database belonging to Amepi.fr (Amanda), described as a French cooperative real estate platform for sharing property listings among agencies. The leaked data, distributed in JSON format (2.35 MB), contains records including visit IDs, mandate IDs, personal names, property addresses, and transaction prices. Sample records reference multiple real estate agencies and individual client names.
Date: 2026-05-29T02:04:39Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78090
Screenshots:
1 screenshot(s) available
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Real Estate
Victim Organization: Amepi (Amanda)
Victim Site: amepi.fr - Alleged data leak of Takriz Team member information
Category: Data Leak
Content: A threat actor claims to have leaked personal information and photos of members belonging to Takriz, described as a Tunisian cyber threat group allegedly operating under political sponsorship. The post offers files containing member details for free download. The actor also alleges that Takriz recently conducted a cyberattack against the MyTT app to distribute unauthorized notifications.
Date: 2026-05-29T02:03:24Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78220
Screenshots:
1 screenshot(s) available
Threat Actors: mecrobyte
Victim Country: Tunisia
Victim Industry: Unknown
Victim Organization: Takriz
Victim Site: Unknown - Mass Redefacement of Indonesian Regional Parliament Website by Ushiromiya
Category: Defacement
Content: The official website of the Regional Peoples Representative Council (DPRD) of Agam Regency, Indonesia, was defaced by the threat actor known as Ushiromiya. This incident is classified as both a mass defacement and a redefacement, indicating the attacker has previously targeted this site and is conducting broader campaign activity. The targeted server was running on a Linux-based environment.
Date: 2026-05-29T02:02:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249677
Screenshots:
1 screenshot(s) available
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: DPRD Agam Regency (Regional Peoples Representative Council of Agam Regency)
Victim Site: dprd.agamkab.go.id - Website Defacement of My Hair Accessory by DimasHxR
Category: Defacement
Content: On May 29, 2026, threat actor DimasHxR defaced the website myhairaccessory.com, targeting a media directory within the sites public folder. The defacement was an individual, non-mass attack with no stated motive or team affiliation. The incident was recorded and mirrored by zone-xsec.com under mirror ID 928791.
Date: 2026-05-29T01:45:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928791
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Fashion Accessories
Victim Organization: My Hair Accessory
Victim Site: myhairaccessory.com - Website Defacement of Automatech by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced a subdirectory of automatech.co.uk, a UK-based technology and automation company. The attack was not classified as a mass or home page defacement, suggesting it targeted a specific media or custom content path. No team affiliation, motive, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-29T01:44:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928807
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Technology / Automation
Victim Organization: Automatech
Victim Site: automatech.co.uk - Website Defacement of ConMetall Meister by DimasHxR
Category: Defacement
Content: On May 29, 2026, the website of ConMetall Meister, a German metal industry company, was defaced by the threat actor DimasHxR. The attacker targeted a subdirectory of the media section of the website. No team affiliation, specific motive, or technical details regarding the server infrastructure were disclosed in connection with this incident.
Date: 2026-05-29T01:43:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928795
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Manufacturing / Metal Industry
Victim Organization: ConMetall Meister
Victim Site: www.conmetallmeister.de - Website Defacement of Diamantaire Imports by DimasHxR
Category: Defacement
Content: The website diamantaireimports.com, belonging to Diamantaire Imports, a jewelry and diamond import business, was defaced by threat actor DimasHxR on May 29, 2026. The defacement targeted a subdirectory path within the site rather than the homepage, indicating a partial or directory-level compromise. No team affiliation, specific motive, or technical details regarding the server or exploitation method were disclosed.
Date: 2026-05-29T01:42:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928797
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Jewelry & Diamond Imports
Victim Organization: Diamantaire Imports
Victim Site: diamantaireimports.com - Website Defacement of West Derby Carpets & Blinds by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced a page on the website of West Derby Carpets & Blinds, a UK-based home furnishings retailer. The attack was a targeted single-page defacement, not classified as a mass or home page defacement. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-29T01:41:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928813
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail – Home Furnishings
Victim Organization: West Derby Carpets & Blinds
Victim Site: westderbycarpetsblinds.co.uk - Website Defacement of Discounted Decals by DimasHxR
Category: Defacement
Content: On May 29, 2026, the attacker known as DimasHxR defaced a media directory page on discounteddecals.com, a retail e-commerce website likely selling decals and stickers. The defacement was a targeted, single-site incident with no team affiliation reported and no stated motivation. A mirror of the defaced page was archived on zone-xsec.com for reference.
Date: 2026-05-29T01:41:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928802
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Retail / E-commerce
Victim Organization: Discounted Decals
Victim Site: discounteddecals.com - Website Defacement of Kennzeichen-Teufel by DimasHxR
Category: Defacement
Content: On May 29, 2026, the attacker known as DimasHxR defaced a subdirectory of kennzeichen-teufel.de, a German license plate and automotive accessories retailer. The incident was a targeted, non-mass defacement affecting a specific media path rather than the sites homepage. No team affiliation, stated motive, or technical server details were disclosed in connection with this attack.
Date: 2026-05-29T01:40:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928799
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail / Automotive Accessories
Victim Organization: Kennzeichen Teufel
Victim Site: kennzeichen-teufel.de - Website Defacement of Nebraska Life by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced a web page hosted on www.nebraskalife.com, targeting a subdirectory within the sites media folder. The defacement was carried out as a single, targeted attack with no affiliation to a known group or team. No specific motive or server details were disclosed in connection with the incident.
Date: 2026-05-29T01:39:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928793
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Insurance / Financial Services
Victim Organization: Nebraska Life
Victim Site: www.nebraskalife.com - Website Defacement of Plantmania.nl by DimasHxR
Category: Defacement
Content: On May 29, 2026, the attacker known as DimasHxR defaced a media/customer directory on plantmania.nl, a Netherlands-based plant retail website. The incident was a targeted single-site defacement, not part of a mass defacement campaign. No team affiliation, stated motive, or server details were disclosed.
Date: 2026-05-29T01:38:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928805
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Netherlands
Victim Industry: Retail / E-commerce (Plants & Horticulture)
Victim Organization: Plantmania
Victim Site: plantmania.nl - Website Defacement of Anugraha Online by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced a subdirectory of anugrahaonline.com, targeting a specific media/custom path rather than the homepage. The attack was carried out as a solo operation with no affiliated team, and the targeted path suggests a partial or directory-level defacement rather than a full site compromise.
Date: 2026-05-29T01:37:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928804
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Anugraha Online
Victim Site: anugrahaonline.com - Website Defacement of The Movie and TV Store by DimasHxR
Category: Defacement
Content: On May 29, 2026, the website themovieandtvstore.com was defaced by the threat actor DimasHxR operating independently without a team affiliation. The attack targeted a subdirectory of the site rather than the homepage, indicating a targeted intrusion into a specific web path. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-05-29T01:36:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928794
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Retail / Entertainment
Victim Organization: The Movie and TV Store
Victim Site: themovieandtvstore.com - Website Defacement of Loeffler Stühle by DimasHxR
Category: Defacement
Content: On May 29, 2026, the attacker known as DimasHxR defaced a page on loefflerstuehle.de, a German furniture retailers website. The defacement targeted a non-homepage URL within the sites media directory, suggesting a targeted file-level compromise rather than a full site takeover. No team affiliation, stated motive, or server details were disclosed.
Date: 2026-05-29T01:36:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928796
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail / Furniture
Victim Organization: Loeffler Stühle
Victim Site: loefflerstuehle.de - Website Defacement of Preloved Caravan Awnings by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor known as DimasHxR defaced the website of Preloved Caravan Awnings, a UK-based retailer specializing in second-hand caravan awnings. The attack was a targeted single-site defacement with no team affiliation, no stated motivation, and no prior defacement history recorded for this domain.
Date: 2026-05-29T01:35:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928810
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail / E-commerce
Victim Organization: Preloved Caravan Awnings
Victim Site: www.prelovedcaravanawnings.co.uk - Website Defacement of GPS Gadgets UK by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor known as DimasHxR defaced a media/custom directory page on gpsgadgets.co.uk, a UK-based GPS and gadget retail website. The attack was an individual (non-mass, non-home page) defacement, suggesting targeted exploitation of a specific web directory. No team affiliation, stated motive, or technical server details were disclosed in connection with this incident.
Date: 2026-05-29T01:34:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928809
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail / Consumer Electronics
Victim Organization: GPS Gadgets
Victim Site: gpsgadgets.co.uk - Website Defacement of Dental Savings Club by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced the website of Dental Savings Club, a dental savings and discount services organization. The defacement targeted a subdirectory of the domain and was carried out as a solo attack with no affiliated team. Technical details such as server software and IP address were not disclosed in available reporting.
Date: 2026-05-29T01:33:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928800
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Healthcare / Dental Services
Victim Organization: Dental Savings Club
Victim Site: www.dentalsavingsclub.com - Website Defacement of HerbalSnu by DimasHxR
Category: Defacement
Content: On May 29, 2026, the website herbalsnu.com was defaced by the threat actor DimasHxR, operating without an affiliated team. The attacker targeted a subdirectory within the sites media folder, suggesting exploitation of a content management system vulnerability. The incident was a targeted single-site defacement with no indication of mass or repeat defacement activity.
Date: 2026-05-29T01:32:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928803
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Herbal Products
Victim Organization: HerbalSnu
Victim Site: herbalsnu.com - Sale of stolen prepaid debit cards, clone cards, and bank logs for payment platform fraud
Category: Carding
Content: A threat actor is offering for sale clone cards, prepaid linkable debit cards, credit cards, and bank logs at various price tiers, marketed for use with payment platforms including CashApp, PayPal, Apple Pay, Zelle, and Venmo. The seller also advertises fraudulent online transfers across multiple platforms including Bitcoin and USDT. Contact is solicited via Telegram and WhatsApp.
Date: 2026-05-29T01:27:58Z
Network: openweb
Published URL: https://altenens.is/threads/fresh-prepaid-linkable-debits-available-instock-for-cashapp-applepay-paypal-skrill-zelle-venmo-etc-and-they-really-hitting-lit-asf-clone-card.2945696/unread
Screenshots:
3 screenshot(s) available
Threat Actors: Calaw
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of historical US public records database from SnailSearch/David Gray adoption system
Category: Data Leak
Content: A threat actor has leaked approximately 6.8 GB of historical US public records (~1997) originally associated with David Grays SnailSearch people-finder system, including birth, marriage, death, and divorce vitals records in CSV format. The poster claims to have removed drivers license and voter files containing SSNs prior to publishing. The data is being made available via public file-sharing links.
Date: 2026-05-29T01:25:53Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Got-another-one-that-might-interest-you-HISTORICAL-for-real
Screenshots:
1 screenshot(s) available
Threat Actors: OriginalCrazyOldFart
Victim Country: United States
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of compromised TikTok and SHEIN accounts with documented violations
Category: Initial Access
Content: Threat actor offering to sell compromised TikTok US personal accounts, TikTok store accounts with violation appeals, and SHEIN self-operated store accounts across multiple regions. Pricing ranges from 300-800 USDT. Accounts include high-follower TikTok accounts (500K+ followers) and bulk account packages. Contact via Telegram handle provided.
Date: 2026-05-29T01:13:35Z
Network: telegram
Published URL: https://t.me/c/2613583520/91965
Screenshots:
1 screenshot(s) available
Threat Actors: xxin7
Victim Country: United States, European Union
Victim Industry: E-commerce, Social Media
Victim Organization: TikTok, SHEIN
Victim Site: Unknown - Mass Defacement of ultra-libero.com by XYZ (Alpha Wolf Team)
Category: Defacement
Content: On May 29, 2026, the website ultra-libero.com was defaced by threat actor XYZ, operating under the team name Alpha Wolf, as part of a mass defacement campaign targeting multiple sites. The attack was carried out on a Linux-based server. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-29T00:31:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249676
Screenshots:
1 screenshot(s) available
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Ultra Libero
Victim Site: ultra-libero.com - Mass Website Defacement of ueda-city.com by XYZ (Alpha Wolf)
Category: Defacement
Content: On May 29, 2026, threat actor XYZ operating under the team name Alpha Wolf conducted a mass defacement attack targeting ueda-city.com, a website associated with Ueda City in Japan. The attack was carried out on a Linux-based server and was part of a broader mass defacement campaign. The defaced page was archived and mirrored at haxor.id.
Date: 2026-05-29T00:29:23Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249675
Screenshots:
1 screenshot(s) available
Threat Actors: XYZ, Alpha wolf
Victim Country: Japan
Victim Industry: Government
Victim Organization: Ueda City
Victim Site: ueda-city.com - Mass Defacement of imagekeeperpro.com by XYZ (Alpha Wolf Team)
Category: Defacement
Content: On May 29, 2026, a threat actor identified as XYZ, operating under the group Alpha Wolf, conducted a mass defacement attack against imagekeeperpro.com, a web-based image management service hosted on a Linux server. The attack targeted the sites index page and was archived via the haxor.id mirror service. This incident was classified as a mass defacement, suggesting multiple sites were compromised in the same campaign.
Date: 2026-05-29T00:28:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249673
Screenshots:
1 screenshot(s) available
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Technology / Digital Media
Victim Organization: Image Keeper Pro
Victim Site: imagekeeperpro.com - Website Defacement of Heibon.jp by XYZ (Alpha Wolf)
Category: Defacement
Content: On May 29, 2026, the Japanese website heibon.jp was defaced by a threat actor identified as XYZ, operating under the team name Alpha Wolf. The attack targeted a Linux-based server and resulted in a single-page defacement, as opposed to a mass or home page compromise. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-29T00:26:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249672
Screenshots:
1 screenshot(s) available
Threat Actors: XYZ, Alpha wolf
Victim Country: Japan
Victim Industry: Media / Publishing
Victim Organization: Heibon
Victim Site: heibon.jp - Website Defacement of Heibon.jp by XYZ of Team Alpha Wolf
Category: Defacement
Content: On May 29, 2026, the Japanese website heibon.jp was defaced by a threat actor identified as XYZ, operating under the group Alpha Wolf. The attack targeted the homepage directly and was not part of a mass defacement campaign. A mirror of the defaced page has been archived at zone-xsec.com.
Date: 2026-05-29T00:20:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928770
Screenshots:
1 screenshot(s) available
Threat Actors: XYZ, Alpha wolf
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Heibon
Victim Site: heibon.jp - Alleged data breach of Sinaloa government billing system
Category: Data Breach
Content: A threat actor affiliated with Olympus_Group claims to have exfiltrated over 100,000 user records from the Sinaloa state government billing system. The alleged dataset includes emails, passwords, RFC IDs, full names, phone numbers, business names, and verification codes. A sample of 1,000 records has been released freely, with the full database offered for sale.
Date: 2026-05-29T00:15:01Z
Network: openweb
Published URL: https://breached.su/threads/leak-sinaloa-billing-system-100-000-users.87691/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Hermes_Olymp
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Sinaloa State Government
Victim Site: Unknown
Detected Incidents Draft Data – 2026-05-28 (day before)
- Alleged data breach of iran-woodmart.ir
Category: Data Breach
Content: A threat actor has shared a small credential dump associated with iran-woodmart.ir, containing 31 URL/email/password combos. The file includes plaintext credentials linked to customer accounts on the site. The dataset is available for download to registered forum members.
Date: 2026-05-28T23:36:29Z
Network: openweb
Published URL: https://xforums.st/threads/iran-woodmart-ir-31-890-by-x-forums.617686/
Screenshots:
1 screenshot(s) available
Threat Actors: X Forum Bot
Victim Country: Iran
Victim Industry: Retail
Victim Organization: Woodmart Iran
Victim Site: iran-woodmart.ir - Alleged data leak of multiple French websites including Le Monde and CDIscount-linked databases
Category: Data Leak
Content: A threat actor is freely leaking multiple French website databases, claiming most were obtained in 2025. The collection spans six domains including a Le Monde PrestaShop instance and a CDIscount marketplace-linked database, totaling approximately 226,778 records. The actor states access was obtained to multiple PrestaShop instances, several of which were abandoned.
Date: 2026-05-28T23:12:53Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-COLLECTION-Collection-of-exclusive-and-unannounced-french-small-databases
Screenshots:
2 screenshot(s) available
Threat Actors: Angel_Batista
Victim Country: France
Victim Industry: Retail
Victim Organization: Multiple French organizations including Le Monde, CDIscount, photo.fr, opeaz.fr, produits-normandie.fr, classcroute.com
Victim Site: salon-artistique.lemonde.fr, marketplace.cdiscount.com, produits-normandie.fr, classcroute.com, photo.fr, opeaz.fr - Alleged sale of compromised email access and social media accounts across multiple countries
Category: Initial Access
Content: Threat actor offering mail access credentials and configurations across France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. Also selling compromised TikTok US accounts (including verified accounts with 500k+ followers) and SHEIN store accounts with pricing ranging from $100-$800 USD. Offering combo lists, scripts, tools, and hits on request.
Date: 2026-05-28T23:02:25Z
Network: telegram
Published URL: https://t.me/c/2613583520/91903
Screenshots:
1 screenshot(s) available
Threat Actors: DataxLogs
Victim Country: Unknown
Victim Industry: Technology, E-commerce, Social Media
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of compromised social media accounts and payment card data
Category: Initial Access
Content: Threat actor offering to sell compromised TikTok US personal accounts, TikTok store accounts with violation appeal status, SHEIN self-operated business accounts (US and EU LLC), bulk TikTok video accounts with 500K followers, and CVV/payment card data. Prices range from $100-$800 USD. Also advertising mail access logs and combo lists across multiple countries.
Date: 2026-05-28T22:42:41Z
Network: telegram
Published URL: https://t.me/c/2613583520/91877
Screenshots:
1 screenshot(s) available
Threat Actors: pipl1on33uku
Victim Country: Unknown
Victim Industry: Technology, E-commerce, Social Media
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Claude API key with 2 million tokens
Category: Data Leak
Content: A forum user is distributing what is claimed to be a free Claude API key with 2 million tokens. The post directs users to hidden content and an external site (tokies.lol). No breach details or origin of the key are provided.
Date: 2026-05-28T22:15:35Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%92%8E-free-claude-api-key-2m-tokens-ai-tokies-%F0%9F%92%8E
Screenshots:
1 screenshot(s) available
Threat Actors: JVZU
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com - Alleged data leak of Charter Communications, Inc.
Category: Data Leak
Content: The threat actor ShinyHunters claims to have leaked data from Charter Communications, Inc. containing over 42 million records with personally identifiable information. The post indicates the data was made available after the company allegedly failed to reach an agreement with the threat actors. The dataset was published on BreachForums with a hidden download link.
Date: 2026-05-28T22:14:27Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-Charter-Communications-Inc
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Telecommunications
Victim Organization: Charter Communications, Inc.
Victim Site: charter.com - BreachForums announces partnership with StyxMarket cybercriminal marketplace
Category: Initial Access
Content: BreachForums has announced an official partnership with StyxMarket, a cybercriminal marketplace offering stealer logs, initial access, financial credentials, PII, credit cards, cash-out services, and more. The post provides both Tor and clearnet domains for the marketplace. StyxMarket is described as featuring a vendor ranking system, escrow wallet, and a premium fraud and hacking guide section.
Date: 2026-05-28T22:12:54Z
Network: openweb
Published URL: https://breachforums.rs/Thread-IMPORTANT-READ-Breachforums-X-StyxMarket
Screenshots:
1 screenshot(s) available
Threat Actors: vulnsis
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of wayoflifesc.gr by 0xSHALL / FOURSDEATH TEAM
Category: Defacement
Content: On May 29, 2026, threat actor 0xSHALL operating under the group FOURSDEATH TEAM defaced the Greek website wayoflifesc.gr, targeting a specific page (zxc.html). The incident was a targeted single-page defacement rather than a mass or home page defacement. No specific motivation or server details were disclosed in the available intelligence.
Date: 2026-05-28T22:06:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928767
Screenshots:
1 screenshot(s) available
Threat Actors: 0xSHALL, FOURSDEATH TEAM
Victim Country: Greece
Victim Industry: Unknown
Victim Organization: Way of Life SC
Victim Site: wayoflifesc.gr - Website Defacement of ekbana.co.jp by 0xSHALL of FOURSDEATH TEAM
Category: Defacement
Content: On May 29, 2026, a threat actor identified as 0xSHALL, operating under the group FOURSDEATH TEAM, defaced a page on the Japanese website ekbana.co.jp. The incident targeted a specific subpage (zxc.html) rather than the homepage, and was not part of a mass defacement campaign. The mirror of the defaced content was archived at zone-xsec.com.
Date: 2026-05-28T22:04:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928769
Screenshots:
1 screenshot(s) available
Threat Actors: 0xSHALL, FOURSDEATH TEAM
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Ekbana
Victim Site: ekbana.co.jp - Alleged leak of 2 million Claude API tokens
Category: Data Leak
Content: A threat actor is distributing a claimed collection of 2 million Claude API tokens via an external site. The post does not specify the origin or method of collection. If valid, the tokens could allow unauthorized access to Anthropics Claude API services.
Date: 2026-05-28T21:40:14Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9D%A4%EF%B8%8F-CLAUDE-API-TOKENS-2-MILLION-AI-TOKIES-%E2%9D%A4%EF%B8%8F–2100733
Screenshots:
1 screenshot(s) available
Threat Actors: JVZU
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com - Alleged data leak of Allianz internal Docker images including source code and credentials
Category: Data Leak
Content: A threat actor claims to be releasing a full dump of approximately 500 internal Docker images (~40 GB) from Allianzs infrastructure. The leaked content allegedly includes internal microservice source code, hardcoded credentials for staging and production environments, API keys, database passwords, TLS private keys, and internal CA certificates. The content is gated behind forum points on a dark web forum.
Date: 2026-05-28T21:34:06Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SOURCE-CODE-Allianz-500-internal-docker-Images-leak
Screenshots:
1 screenshot(s) available
Threat Actors: hackformetome
Victim Country: Germany
Victim Industry: Finance
Victim Organization: Allianz
Victim Site: allianz.com - Alleged data leak of Citex Systems (Egypt)
Category: Data Leak
Content: A threat actor known as Keymous claims to have leaked data from Citex Systems, a telecom and business solutions provider in Egypt. The alleged leak includes an employee management database (~800 persons with names and positions), a projects management database, and mailing/contact data. Files and samples are shared as hidden content accessible to registered forum members.
Date: 2026-05-28T21:32:19Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-Egypt-Citex-Systems
Screenshots:
1 screenshot(s) available
Threat Actors: Keymous
Victim Country: Egypt
Victim Industry: Telecommunications
Victim Organization: Citex Systems
Victim Site: Unknown - Website Defacement of Graficas La Gomar by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On May 29, 2026, the website of Graficas La Gomar, a graphics and printing company, was defaced by threat actor Raxor404 operating under the team SANTIAGO404. The attack targeted a subdirectory of the WordPress-based site and was a standalone, non-mass defacement incident. The mirror of the defacement was archived via zone-xsec.com.
Date: 2026-05-28T21:13:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928764
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Spain
Victim Industry: Printing and Graphics Services
Victim Organization: Graficas La Gomar
Victim Site: graficaslagomar.com - Website Defacement of APHE (aphe.it) by Raxor404 of SANTIAGO404
Category: Defacement
Content: On May 29, 2026, threat actor Raxor404, operating under the team SANTIAGO404, defaced a subdirectory of the Italian website aphe.it, targeting a file within the WordPress uploads directory. The defacement was a targeted single-site attack and does not appear to be part of a mass defacement campaign. A mirror of the defaced page has been archived at zone-xsec.com.
Date: 2026-05-28T21:11:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928766
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: APHE
Victim Site: aphe.it - Website Defacement of Shiabazar by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On May 29, 2026, the website shiabazar.com was defaced by threat actor Raxor404, operating under the team SANTIAGO404. The attack targeted a WordPress-based site, with the defacement impacting a specific upload directory rather than the homepage. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-05-28T21:10:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928765
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Unknown
Victim Industry: E-commerce / Retail
Victim Organization: Shia Bazar
Victim Site: shiabazar.com - Alleged data leak of Smokers Choice USA — 980 GB corporate documents
Category: Data Breach
Content: A threat actor is selling an alleged 980 GB corporate document leak from Smokers Choice USA, the 6th largest tobacco outlet in the United States. The dataset reportedly contains over 303,000 files spanning billing and payment records, bank statements, laboratory reports, employee documents and resumes, product certifications, and store operations data. The seller states the sale is one-time and the price is negotiable.
Date: 2026-05-28T21:04:24Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-USA-leaks-data-smokers-choice-usa-980-gb
Screenshots:
5 screenshot(s) available
Threat Actors: Masterbyte
Victim Country: United States
Victim Industry: Retail
Victim Organization: Smokers Choice USA
Victim Site: Unknown - Sale of Ethereum Smart Contract Exploit
Category: Vulnerability
Content: A threat actor is selling an exploit targeting an Ethereum smart contract reportedly containing approximately $10,000 (5 ETH). The exploit is offered for $250 with escrow/middleman services available. No specific contract address or victim organization is identified.
Date: 2026-05-28T20:57:12Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Ethereum-Contract-Exploit
Screenshots:
1 screenshot(s) available
Threat Actors: SillyContract
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Alleged unauthorized access to Citex Systems (Egypt) – employee and project management systems compromised
Category: Initial Access
Content: Keymous threat actor claims to have compromised Citex Systems, a major Egyptian telecommunications and ICT company headquartered in Giza, Cairo. The actor claims access to: (1) Employee management system containing names, positions, and data for approximately 800 employees; (2) Projects Management system with project details, responsible parties, worker names, dates and locations; (3) Mailing system with all emails and contacts. Citex Systems provides telecom solutions, smart card systems, banki…
Date: 2026-05-28T20:31:40Z
Network: telegram
Published URL: https://t.me/c/2588114907/1324
Screenshots:
7 screenshot(s) available
Threat Actors: Keymous
Victim Country: Egypt
Victim Industry: Telecommunications & ICT
Victim Organization: Citex Systems
Victim Site: Unknown - Alleged data leak of Snapchat user database
Category: Data Leak
Content: A threat actor has shared what is claimed to be a Snapchat username database containing over 4.6 million records. The post was made on BreachForums with no additional content available to verify the nature or origin of the data.
Date: 2026-05-28T20:27:53Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-Snapchat-Username-Database-%E2%80%93-4-6M-Records
Screenshots:
None
Threat Actors: Vyntra
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Snapchat
Victim Site: snapchat.com - Alleged data breach of Mexicos Bienestar Welfare Programs Portal (programasintegrales.bienestar.gob.mx)
Category: Data Leak
Content: Threat actors claim to have exploited an unauthenticated IDOR vulnerability on Mexicos Bienestar welfare programs portal, gaining access to data from two modules: Banco Bienestar de Hidalgo and Jóvenes Construyendo el Futuro. Approximately 1GB of data reportedly including INE identity documents, photos, and course records has been freely distributed via an external file-sharing link. Exploited credentials for an agent account are also disclosed in the post.
Date: 2026-05-28T20:14:36Z
Network: openweb
Published URL: https://breached.su/threads/programasintegrales-bienestar-gob-mx-leak.87687/unread
Screenshots:
2 screenshot(s) available
Threat Actors: Nemoris_Hacking
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Secretaría de Bienestar (Mexico)
Victim Site: programasintegrales.bienestar.gob.mx - Alleged USDT Money Mule Recruitment Scam
Category: Cyber Attack
Content: Scam operators recruiting money mules to purchase and transfer USDT cryptocurrency. Posts claim to be from a global trading company offering 10-25% commissions on USDT transactions. Victims are instructed to receive funds first, then send USDT to operators – a classic advance-fee fraud and money laundering scheme. Multiple identical posts from different accounts indicate coordinated scam operation.
Date: 2026-05-28T20:06:18Z
Network: telegram
Published URL: https://t.me/c/2613583520/91781
Screenshots:
1 screenshot(s) available
Threat Actors: Unknown scam ring
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Peyton Law Firm contact database
Category: Data Leak
Content: A threat actor has shared a CSV file purportedly containing 2,283 contacts from Peyton Law Firm, attributed to the World Leaks leak published in May 2020. The dataset includes first and last names, email addresses, phone numbers, and associated company information as of October 2020. The file is made available for free upon forum reply.
Date: 2026-05-28T19:45:18Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-USA-Peyton-Law-Firm-2-283-contacts
Screenshots:
1 screenshot(s) available
Threat Actors: henrymartin
Victim Country: United States
Victim Industry: Legal
Victim Organization: Peyton Law Firm
Victim Site: Unknown - Website Defacement of Starfish Education Portal by 0xSHALL (FOURSDEATH TEAM)
Category: Defacement
Content: On May 29, 2026, threat actor 0xSHALL operating under the group FOURSDEATH TEAM defaced a subpage of starfisheduportal.com, an education-related web portal. The attack targeted a specific page (zxc.html) rather than the homepage, indicating a targeted page-level defacement. No specific motivation or server details were disclosed in connection with this incident.
Date: 2026-05-28T19:23:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928763
Screenshots:
1 screenshot(s) available
Threat Actors: 0xSHALL, FOURSDEATH TEAM
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Starfish Education Portal
Victim Site: starfisheduportal.com - Website Defacement of Angbayanko.org by 0xSHALL of FOURSDEATH TEAM
Category: Defacement
Content: On May 29, 2026, the website angbayanko.org was defaced by a threat actor known as 0xSHALL, operating under the group FOURSDEATH TEAM. The defacement targeted a specific page (zxc.html) rather than the sites homepage, indicating a targeted page-level compromise. The incident was recorded and mirrored by zone-xsec.com, a known web defacement tracking platform.
Date: 2026-05-28T19:21:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928762
Screenshots:
1 screenshot(s) available
Threat Actors: 0xSHALL, FOURSDEATH TEAM
Victim Country: Philippines
Victim Industry: Unknown
Victim Organization: Angbayanko
Victim Site: angbayanko.org - Alleged purchase request for Discord Zendesk database leak and Lebanon-related databases
Category: Data Breach
Content: A forum user is seeking to purchase the alleged Discord Zendesk database leak, reported to be approximately 1.5TB in size. The user is also requesting any databases related to Lebanon. The post does not indicate the user possesses the data, only that they are attempting to acquire it.
Date: 2026-05-28T19:11:44Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Discord-Zendesk-Leak-Other-DBs
Screenshots:
1 screenshot(s) available
Threat Actors: blatretz
Victim Country: United States
Victim Industry: Technology
Victim Organization: Discord
Victim Site: discord.com - Website Defacement of The Wellness Concierge by 0xSHALL (FOURSDEATH TEAM)
Category: Defacement
Content: On May 29, 2026, a threat actor known as 0xSHALL, operating under the group FOURSDEATH TEAM, defaced a subdirectory of thewellnessconcierge.sg, a Singapore-based health and wellness organization. The attack targeted a WordPress-related path and was a targeted single-page defacement rather than a mass or home page defacement. No specific motive or proof of concept was publicly disclosed.
Date: 2026-05-28T18:58:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928760
Screenshots:
1 screenshot(s) available
Threat Actors: 0xSHALL, FOURSDEATH TEAM
Victim Country: Singapore
Victim Industry: Health & Wellness
Victim Organization: The Wellness Concierge
Victim Site: thewellnessconcierge.sg - Alleged data leak of Ecuadorian Armed Forces insurance policy documents
Category: Data Leak
Content: A threat actor has allegedly leaked confidential insurance policy documents belonging to the Ecuadorian Armed Forces, including inventories of weapons, military vehicles, combat aircraft, and warships. The documents reportedly cover policies valued at over $200 million USD. The data has been made available via an external file-sharing link.
Date: 2026-05-28T18:32:46Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78198
Screenshots:
1 screenshot(s) available
Threat Actors: V0lt4r0x
Victim Country: Ecuador
Victim Industry: Government
Victim Organization: Fuerzas Armadas del Ecuador
Victim Site: Unknown - Alleged data leak of Groupe IMA (Inter Mutuelles Habitat)
Category: Data Leak
Content: A threat actor on PwnForums claims to have leaked 6.2 GB of data belonging to Groupe IMA, a French assistance and insurance services provider. The leaked data is reported to include customer invoices and other customer information, made available via a public file-sharing link.
Date: 2026-05-28T18:01:03Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-FR-6-2GB-Groupe-IMA-Inter-Mutuelles-Habitat
Screenshots:
1 screenshot(s) available
Threat Actors: NightLeVrai
Victim Country: France
Victim Industry: Insurance
Victim Organization: Groupe IMA (Inter Mutuelles Habitat)
Victim Site: ima-group.com - Alleged data breach of LinkedIn Australia with 5.1 million records
Category: Data Breach
Content: A threat actor is offering an alleged sample of a database purportedly containing 5.1 million Australian LinkedIn user records. The post includes a code/sample section, suggesting partial data is being shared to substantiate the claim. The full dataset may be available for sale or distribution.
Date: 2026-05-28T17:22:37Z
Network: openweb
Published URL: https://breached.su/threads/sample-5-1-million-australian-lingkedin-database.87684/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Mr. Hanz Xploit
Victim Country: Australia
Victim Industry: Technology
Victim Organization: LinkedIn
Victim Site: linkedin.com - Alleged leak of Claude API keys with token balance
Category: Data Leak
Content: A threat actor is distributing alleged Anthropic Claude API keys with claimed token balances of up to 2.5 million tokens. The post directs users to an external site for additional offerings. No details are provided regarding the source or method of compromise.
Date: 2026-05-28T16:58:38Z
Network: openweb
Published URL: https://patched.to/Thread-nova-%E2%AD%90-2-5-million-tokens-claude-opus-4-7-and-more-api-key-%E2%AD%90
Screenshots:
1 screenshot(s) available
Threat Actors: JVZU
Victim Country: United States
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com - Alleged breach of 5.1 million Australian LinkedIn records
Category: Data Breach
Content: A threat actor operating under the handle mr-hanz-xploit on Breachforums is discussing or offering a dataset containing 5.1 million Australian LinkedIn user records. The breach appears to be related to LinkedIns Australian user base.
Date: 2026-05-28T16:53:33Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/312
Screenshots:
2 screenshot(s) available
Threat Actors: mr-hanz-xploit
Victim Country: Australia
Victim Industry: Social Media/Professional Networking
Victim Organization: LinkedIn
Victim Site: linkedin.com - Website Defacement of Renala by Attacker agumon
Category: Defacement
Content: On May 28, 2026, a threat actor operating under the alias agumon defaced a page on renala.net, targeting a subdirectory within the sites media customer path. The defacement was an isolated, non-mass incident with no team affiliation reported. Technical details regarding the server infrastructure and attack vector remain unknown.
Date: 2026-05-28T16:53:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928737
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Renala
Victim Site: renala.net - Website Defacement of Ezohata by Threat Actor Agumon
Category: Defacement
Content: On May 28, 2026, threat actor agumon defaced a page on ezohata.com, targeting the media/customer directory of the website. The attack was carried out as a solo effort with no affiliated team, and the defacement was limited to a specific URL path rather than the homepage. Server and infrastructure details were not disclosed in the incident report.
Date: 2026-05-28T16:52:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928745
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Ezohata
Victim Site: ezohata.com - Website Defacement of Mageleven by Threat Actor Agumon
Category: Defacement
Content: On May 28, 2026, threat actor agumon defaced a page on mageleven.com, targeting a subdirectory likely associated with customer media uploads. The attack was carried out by an individual actor with no affiliated team, and the defacement was not classified as a mass or home page defacement. Server and infrastructure details were not disclosed in the available reporting.
Date: 2026-05-28T16:51:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928725
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: E-commerce / Retail
Victim Organization: Mageleven
Victim Site: mageleven.com - Website Defacement of arepo.sk by Threat Actor agumon
Category: Defacement
Content: A threat actor operating under the alias agumon defaced a page on the Slovak website arepo.sk, targeting a media/customer address path. The incident was recorded on May 28, 2026, and does not appear to be part of a mass defacement campaign. No team affiliation, specific motive, or technical server details were disclosed.
Date: 2026-05-28T16:50:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928730
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Slovakia
Victim Industry: Unknown
Victim Organization: Arepo
Victim Site: arepo.sk - Website Defacement of Tyent Australia by Threat Actor agumon
Category: Defacement
Content: On May 28, 2026, threat actor agumon defaced a media directory page on tyentaustralia.com.au, the Australian website of Tyent, a company known for water ionizer and health product sales. The attack was a targeted single-page defacement, not classified as a mass or home page defacement. No team affiliation, specific motivation, or technical details regarding the server environment were disclosed.
Date: 2026-05-28T16:50:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928729
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Australia
Victim Industry: Retail / Health & Wellness
Victim Organization: Tyent Australia
Victim Site: tyentaustralia.com.au - Alleged leak of Arizona and Arkansas voter registration records
Category: Data Leak
Content: A threat actor on a dark web forum has freely shared two voter registration datasets — one for Arizona and one for Arkansas (2019) — containing fields including name, address, date of birth, phone number, email, and party affiliation. The files are hosted on an external file-sharing service. The actor explicitly notes the data is useful for locating individuals.
Date: 2026-05-28T16:49:20Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Two-more-good-pieces-of-data-Public-Records-you-have-a-right-to-see-them
Screenshots:
1 screenshot(s) available
Threat Actors: OriginalCrazyOldFart
Victim Country: United States
Victim Industry: Government
Victim Organization: Arizona and Arkansas State Voter Registration
Victim Site: Unknown - Website Defacement of Boutique Moutard by Threat Actor Agumon
Category: Defacement
Content: On May 28, 2026, threat actor agumon defaced the website of Boutique Moutard, a French retail/e-commerce boutique. The attacker targeted a media/customer directory path on the site. The incident was a targeted, single-site defacement with no team affiliation reported and limited technical metadata available.
Date: 2026-05-28T16:49:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928742
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: France
Victim Industry: Retail / E-Commerce
Victim Organization: Boutique Moutard
Victim Site: boutique-moutard.com - Website Defacement of Coderic Store by Attacker Agumon
Category: Defacement
Content: On May 28, 2026, a threat actor operating under the alias agumon defaced a media/customer directory on coderic.store, an e-commerce platform. The incident was a targeted single-site defacement with no team affiliation reported. Technical details such as the exploited vulnerability, server software, and victim country remain unknown.
Date: 2026-05-28T16:48:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928726
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: E-Commerce / Retail
Victim Organization: Coderic Store
Victim Site: coderic.store - Website Defacement of myupona.com by Attacker agumon
Category: Defacement
Content: On May 28, 2026, the website myupona.com had a specific media/customer directory page defaced by a threat actor operating under the handle agumon. The defacement targeted a sub-path of the site rather than the homepage and was carried out as a single, non-mass defacement event. No team affiliation, server details, or stated motive were identified in association with this incident.
Date: 2026-05-28T16:47:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928738
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: E-Commerce / Retail
Victim Organization: Myupona
Victim Site: myupona.com - Website Defacement of Nuovabai by Threat Actor agumon
Category: Defacement
Content: On May 28, 2026, threat actor agumon defaced a subdirectory of the Italian website nuovabai.it, targeting a customer media path within the sites public directory. The attack was a targeted single-site defacement with no team affiliation reported. Server and infrastructure details were not disclosed in the available incident data.
Date: 2026-05-28T16:46:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928727
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Nuovabai
Victim Site: nuovabai.it - Alleged data leak of Jayapura Police Department, Indonesia
Category: Data Leak
Content: A threat actor operating under the handle zayn_ops88 has leaked what they claim to be the Jayapura Police Department database for free via a file-sharing link. The actor states the release is politically motivated in response to an unspecified incident in Papua, Indonesia. No record count or data field details were provided in the post.
Date: 2026-05-28T16:46:15Z
Network: openweb
Published URL: https://breached.su/threads/the-jayapura-indonesia-police-database-has-been-leaked.87682/unread
Screenshots:
1 screenshot(s) available
Threat Actors: zayn_ops88
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Jayapura Police Department
Victim Site: Unknown - Website Defacement of HomeOfTraffic by Threat Actor Agumon
Category: Defacement
Content: On May 28, 2026, threat actor agumon defaced the website homeoftraffic.com, targeting a subdirectory within the media/custom path. The attack was carried out as a solo operation with no affiliated team, and no specific motive was disclosed. The defacement was confirmed via a mirror archived at zone-xsec.com.
Date: 2026-05-28T16:45:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928748
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: Digital Marketing / Web Traffic Services
Victim Organization: Home of Traffic
Victim Site: homeoftraffic.com - Alleged data leak of AG Energi Australian database
Category: Data Leak
Content: A threat actor is freely distributing an alleged database attributed to AG Energi, an Australian energy company. The dataset reportedly contains approximately 1 million records. The post includes a sample and offers the full database as a free download.
Date: 2026-05-28T16:45:42Z
Network: openweb
Published URL: https://breached.su/threads/1-million-ag-energi-australian-database.87683/unread
Screenshots:
2 screenshot(s) available
Threat Actors: Mr. Hanz Xploit
Victim Country: Australia
Victim Industry: Energy
Victim Organization: AG Energi
Victim Site: Unknown - Website Defacement of Megasoft Shop by Threat Actor Agumon
Category: Defacement
Content: On May 28, 2026, a threat actor operating under the alias agumon defaced the German e-commerce website megasoft-shop.de, targeting a media/customer directory path. The defacement was a standalone, non-mass incident with no attributed team affiliation. Technical details such as server software and exploitation method were not disclosed in the report.
Date: 2026-05-28T16:45:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928743
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Germany
Victim Industry: E-Commerce / Retail
Victim Organization: Megasoft Shop
Victim Site: megasoft-shop.de - Website Defacement of MageCaptain by Threat Actor agumon
Category: Defacement
Content: On May 28, 2026, threat actor agumon defaced a media/customer directory page on magecaptain.com, a website likely associated with Magento or e-commerce services. The attack was a targeted single-page defacement with no team affiliation reported. No specific motive or exploitation method was disclosed.
Date: 2026-05-28T16:44:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928731
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: E-Commerce / Technology
Victim Organization: MageCaptain
Victim Site: magecaptain.com - Website Defacement of lsoul.com by Threat Actor agumon
Category: Defacement
Content: On May 28, 2026, a threat actor operating under the alias agumon defaced a specific page on lsoul.com, targeting the media/customer address path. The attack was conducted without affiliation to a known group and was a targeted single-page defacement rather than a mass or home page compromise. Technical details regarding the server environment and attack vector remain unknown.
Date: 2026-05-28T16:43:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928733
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: LSoul
Victim Site: lsoul.com - Website Defacement of Lights for Signs by Threat Actor agumon
Category: Defacement
Content: On May 28, 2026, threat actor agumon defaced a page on lightsforsigns.co.uk, a UK-based retailer specializing in lights and signs. The defacement targeted a subdirectory within the sites media path, suggesting possible exploitation of a content management system or file upload vulnerability. The actor operated independently without an affiliated team, and the incident was a single targeted defacement rather than a mass or repeated attack.
Date: 2026-05-28T16:42:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928746
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: United Kingdom
Victim Industry: Retail / Signage & Lighting
Victim Organization: Lights for Signs
Victim Site: lightsforsigns.co.uk - Website Defacement of Ultimus by Threat Actor Agumon
Category: Defacement
Content: On May 28, 2026, a threat actor operating under the alias agumon defaced a subdirectory of ultimus.ch, a Swiss-registered domain. The defacement targeted a specific media/customer path rather than the homepage and was carried out as a single, non-mass defacement incident. No team affiliation, motive, or technical exploitation details were disclosed.
Date: 2026-05-28T16:41:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928747
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Ultimus
Victim Site: ultimus.ch - Website Defacement of Olibro by Threat Actor agumon
Category: Defacement
Content: Threat actor agumon, operating without a known team affiliation, defaced a subpath of the Finnish website olibro.fi on May 28, 2026. The defacement targeted a media/customer address-related directory rather than the homepage, suggesting a targeted subdirectory compromise. No specific motive, proof of concept, or server details were disclosed in association with this incident.
Date: 2026-05-28T16:40:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928734
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Finland
Victim Industry: E-commerce / Retail
Victim Organization: Olibro
Victim Site: olibro.fi - Website Defacement of Motores y Persianas by Threat Actor Agumon
Category: Defacement
Content: On May 28, 2026, a threat actor operating under the alias agumon defaced the website of Motores y Persianas, a business likely operating in the motors and blinds/shutters retail sector. The defacement targeted a subdirectory path within the site and was neither a mass nor home page defacement. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-28T16:40:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928750
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Unknown
Victim Industry: Retail / Home Improvement
Victim Organization: Motores y Persianas
Victim Site: motoresypersianas.com - Website Defacement of Biovit Farma by Threat Actor agumon
Category: Defacement
Content: On May 28, 2026, threat actor agumon defaced a media/customer-facing page on the Brazilian pharmaceutical company Biovit Farmas website. The attack was a targeted single-site defacement with no team affiliation reported. No specific motive or server details were disclosed in the incident record.
Date: 2026-05-28T16:34:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928721
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Brazil
Victim Industry: Pharmaceutical / Healthcare
Victim Organization: Biovit Farma
Victim Site: biovitfarma.com.br - Website Defacement of runn1.pe by Threat Actor agumon
Category: Defacement
Content: On May 28, 2026, a threat actor operating under the alias agumon defaced a page on the Peruvian website runn1.pe, specifically targeting a customer address-related media path. The defacement was a singular, non-mass incident with no known team affiliation. Technical details such as the web server IP and software stack were not disclosed in the available reporting.
Date: 2026-05-28T16:32:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928719
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Peru
Victim Industry: Unknown
Victim Organization: Runn1
Victim Site: runn1.pe - Alleged leak of Korean investment data
Category: Data Leak
Content: Threat actor claims possession of Korean investment data and announces a data leak scheduled for 2026. Described as new and very clean data. Posted via DeepCore Network channel.
Date: 2026-05-28T16:30:41Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/311
Screenshots:
2 screenshot(s) available
Threat Actors: DeepCore Network
Victim Country: South Korea
Victim Industry: Finance/Investment
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Lancore IT by Threat Actor Agumon
Category: Defacement
Content: On May 28, 2026, threat actor agumon defaced a subdirectory of the Polish IT company Lancore ITs website at lancore-it.pl. The attack targeted a specific media/customer path rather than the homepage and was carried out as an individual, non-mass defacement. No team affiliation, specific motive, or technical details regarding the server environment were disclosed.
Date: 2026-05-28T16:30:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928724
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Poland
Victim Industry: Information Technology
Victim Organization: Lancore IT
Victim Site: lancore-it.pl - Sale of Korek Telecom database allegedly containing 750,000+ records
Category: Data Breach
Content: A threat actor on Demon Forums is offering for sale an alleged database from Korek Telecom, an Iraqi telecommunications provider, containing over 750,000 rows of data. The seller requests prospective buyers to submit their budget and interest before providing additional samples and pricing. Escrow is accepted as a payment method.
Date: 2026-05-28T16:30:08Z
Network: openweb
Published URL: https://demonforums.net/Thread-Iraq-Korek-Telecom-Database
Screenshots:
1 screenshot(s) available
Threat Actors: 7by7
Victim Country: Iraq
Victim Industry: Telecommunications
Victim Organization: Korek Telecom
Victim Site: korek.com - Alleged data leak of Gemini (Google)
Category: Data Leak
Content: A forum post on Cracked.st references a database allegedly associated with gemini.google.com. The post itself contains no substantive content beyond a bump, and no details about record count, data fields, or access method are provided.
Date: 2026-05-28T16:29:48Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-DATABASE-GEMINI-GOOGLE-COM
Screenshots:
1 screenshot(s) available
Threat Actors: Crypt0geist
Victim Country: United States
Victim Industry: Technology
Victim Organization: Google
Victim Site: gemini.google.com - Alleged leak of Claude API tokens via third-party aggregator
Category: Data Leak
Content: A threat actor is distributing what they claim to be 2.5 million Claude API tokens, linked to a third-party site (tokies.lol). If valid, these tokens could allow unauthorized access to Anthropics Claude API at the expense of legitimate account holders.
Date: 2026-05-28T16:29:30Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%A8-BEST-CLAUDE-API-TOKENS-2-5-MILLION-AI-TOKIES-%E2%9C%A8
Screenshots:
1 screenshot(s) available
Threat Actors: JVZU
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com - Website Defacement of Maximarcas by Threat Actor Agumon
Category: Defacement
Content: On May 28, 2026, threat actor agumon defaced a subdirectory of maximarcas.com.br, a Brazilian consumer goods or retail domain. The attack targeted a specific media path rather than the homepage, indicating a targeted file or directory-level defacement. No team affiliation, stated motive, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-28T16:29:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928722
Screenshots:
1 screenshot(s) available
Threat Actors: agumon
Victim Country: Brazil
Victim Industry: Retail / Consumer Goods
Victim Organization: Maximarcas
Victim Site: maximarcas.com.br - Alleged data breach of AG Energi (Australian energy company) – 1 million records
Category: Data Breach
Content: A threat actor operating under the handle mr-hanz-xploit on Breachforums has posted about a breach of AG Energi, an Australian energy company, claiming access to 1 million records. The breach details are shared on Breachforums thread discussing the Australian database compromise.
Date: 2026-05-28T16:17:55Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/310
Screenshots:
2 screenshot(s) available
Threat Actors: mr-hanz-xploit
Victim Country: Australia
Victim Industry: Energy
Victim Organization: AG Energi
Victim Site: Unknown - Alleged data leak of ManoMano France
Category: Data Leak
Content: A threat actor on a cybercrime forum claims to be distributing a complete database associated with manomano.fr, a French home improvement and gardening marketplace. The post includes a download link, though no details on record count or data fields are provided.
Date: 2026-05-28T16:08:52Z
Network: openweb
Published URL: https://breached.su/threads/database-complete-manomano-fr.87681/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Xyph0rix
Victim Country: France
Victim Industry: Retail
Victim Organization: ManoMano
Victim Site: manomano.fr - Alleged data breach of ManoMano France – database dump shared
Category: Data Breach
Content: A user named xyph0rix has posted a thread on Breachforums claiming to have a complete database dump from ManoMano France (manomano.fr). The breach details are being shared on the underground forum.
Date: 2026-05-28T15:46:06Z
Network: telegram
Published URL: https://t.me/Xyph0rix/464
Screenshots:
2 screenshot(s) available
Threat Actors: xyph0rix
Victim Country: France
Victim Industry: E-commerce/Retail
Victim Organization: ManoMano
Victim Site: manomano.fr - Alleged sale of stolen TikTok and SHEIN business accounts, and CVV payment card data
Category: Initial Access
Content: Threat actor advertising the sale of compromised TikTok US personal accounts, TikTok US store accounts with violation appeal status, SHEIN self-operated LLC accounts (US and EU), bulk TikTok video accounts with 500k+ followers, and CVV payment card codes. Prices range from 100-800 USDT. Contact via Telegram handles @pipl1on33uku and @Nikiccv.
Date: 2026-05-28T15:35:52Z
Network: telegram
Published URL: https://t.me/c/2613583520/91634
Screenshots:
1 screenshot(s) available
Threat Actors: pipl1on33uku
Victim Country: Unknown
Victim Industry: Technology, E-commerce
Victim Organization: Unknown
Victim Site: Unknown - Sale of stealer malware source code with builder panel and full control access
Category: Malware
Content: A threat actor is selling a complete stealer malware source code package for $70, with a full setup and distribution package available for $150. The offering includes remote access, data exfiltration, anti-detection, persistence, DDoS capability, and a builder panel with branding customization. The seller advertises it as suitable for building a private botnet.
Date: 2026-05-28T15:33:59Z
Network: openweb
Published URL: https://cracked.st/Thread-Making-Your-Own-Stealer-%E2%80%94-Complete-Package-with-Full-Control-Access
Screenshots:
1 screenshot(s) available
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of EnVisite.net
Category: Data Leak
Content: A threat actor has freely distributed an alleged database dump from EnVisite.net, a French real estate virtual tour platform. The leaked data, in JSON format (63 MB), contains personally identifiable information including names, email addresses, phone numbers, physical addresses, and company affiliations of real estate professionals. Multiple file-sharing links were provided for download.
Date: 2026-05-28T15:33:50Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-138K-ENVISITE-NET
Screenshots:
1 screenshot(s) available
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Real Estate
Victim Organization: EnVisite
Victim Site: envisite.net - Sale of stealer malware source code with crypto clipper and builder panel
Category: Malware
Content: A threat actor is selling a stealer malware source code package priced at $70 for source code only or $150 for a full package including setup and promotion. The package reportedly includes remote access, data exfiltration, crypto clipping, anti-detection, persistence, DDoS functionality, and a builder panel. The seller advertises full customization and no recurring fees.
Date: 2026-05-28T15:33:13Z
Network: openweb
Published URL: https://cracked.st/Thread-Making-Your-Own-Stealer-Crypto-clipper-%E2%80%94-Complete-Package-with-Full-Control-Access
Screenshots:
1 screenshot(s) available
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Figaro Immobilier (explorimmo.com) database
Category: Data Leak
Content: A threat actor using the handle ChimeraZ claims to have leaked a 170 MB JSON database attributed to explorimmo.com, a French real estate platform operated by Figaro Classifieds. The dataset reportedly contains approximately 100,000 records including customer invoices with full names, postal addresses, billing amounts, internal references, and financial details. Sample records show structured invoice data from Figaro Classifieds SAS with personally identifiable and financial information.
Date: 2026-05-28T15:32:09Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-100K-Figaro-Immobilier
Screenshots:
1 screenshot(s) available
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Real Estate
Victim Organization: Figaro Classifieds / Figaro Immobilier
Victim Site: explorimmo.com - Alleged sale of RDP access and compromised cloud accounts
Category: Initial Access
Content: Threat actor offering rental access to RDP servers on Azure, AWS, and Digital Ocean infrastructure for $200, along with compromised email accounts (domain mail, Gmail, Yahoo), GitHub student accounts, ChatGPT Plus subscriptions, Claude 20x plan, and ElevenLabs creator plan access. Prices listed for various services with escrow payment option available.
Date: 2026-05-28T15:30:34Z
Network: telegram
Published URL: https://t.me/c/2613583520/91633
Screenshots:
1 screenshot(s) available
Threat Actors: PORTAL
Victim Country: Unknown
Victim Industry: Technology/Cloud Services
Victim Organization: Unknown
Victim Site: Unknown - Alleged DDoS-as-a-Service Advertisement for Goofystress Booter Platform
Category: Malware
Content: Multiple spam advertisements for Goofystress, a DDoS booter/stresser service offering Layer 4 (TCP/UDP flood) and Layer 7 (HTTP) attack capabilities. Service advertises 1.5-2 million pps TCP flood and 6-10 million pps UDP flood per concurrent connection, CAPTCHA/cache/UAM bypasses, and game server attack functionality (Fortnite, Minecraft, Apex, COD, Roblox, Battlefield). Claims 3+ years of operation with 1000-1500 customers and 190-200 monthly active users.
Date: 2026-05-28T15:29:59Z
Network: telegram
Published URL: https://t.me/c/1669509146/99706
Screenshots:
2 screenshot(s) available
Threat Actors: Goofystress
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sabotage of hotel security infrastructure in Istanbul by Armenian code
Category: Defacement
Content: Armenian code threat actor claims to have disabled cameras and control interface systems at a prestigious hotel in Istanbul, Turkey. The post includes a photo as evidence and appears to be posted on their Telegram channel.
Date: 2026-05-28T14:52:19Z
Network: telegram
Published URL: https://t.me/c/3628793212/229
Screenshots:
3 screenshot(s) available
Threat Actors: Armenian code
Victim Country: Turkey
Victim Industry: Hospitality
Victim Organization: Prestigious hotel (unnamed)
Victim Site: Unknown - Sale of compromised PayPal accounts with balances
Category: Carding
Content: A threat actor is selling verified PayPal accounts with confirmed balances ranging from $2,000 to $10,000, priced between $150 and $600 per account. Each account includes email address, PayPal password, and associated SOCKS proxy IP. The accounts are advertised as suitable for fraudulent purchases.
Date: 2026-05-28T14:47:36Z
Network: openweb
Published URL: https://breached.su/threads/verified-paypal-account-with-funds-instant-paypal-transfer-100-legit.87675/unread
Screenshots:
1 screenshot(s) available
Threat Actors: duchproc3d
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: paypal.com - Sale of cloned ATM cards, credit cards with CVV, and skimmed dumps with PINs
Category: Carding
Content: A threat actor operating under the alias ColdApollo is offering cloned ATM cards, credit cards with CVV, non-VBV cards, and freshly skimmed dumps with PINs (Track 1 & 2) for multiple countries including the US, UK, Canada, Australia, and EU. Pricing ranges from $60–$80 per dump set and $100–$500 for cloned cards with balances of $2,000–$9,000. The post includes sample dump records tied to banks such as Barclays, Natixis, and CIBC.
Date: 2026-05-28T14:46:30Z
Network: openweb
Published URL: https://breached.su/threads/atm-2k-4k-clone-cards-available-high-low-balance-available-fast-delivery-with-tracking-number.87676/unread
Screenshots:
6 screenshot(s) available
Threat Actors: duchproc3d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Autarquia de Serpa alvo de ataque informático | Rádio Voz da Planície – 104.5FM – Beja
Category: Cyber Attack
Content: The municipality of Serpa fell victim to an external cyberattack targeting its IT infrastructure. The incident was immediately reported to the relevant authorities, including the National Cybersecurity Centre. Although the system is considered secure, municipal services continue to operate under constraints, including the absence of fixed and mobile communications.
Date: 2026-05-28T14:32:50Z
Network: openweb
Published URL: https://www.vozdaplanicie.pt/index.php/noticias/camara-municipal-de-serpa-alvo-de-ataque-informatico
Screenshots:
None
Threat Actors:
Victim Country: Puerto Rico
Victim Industry: Unknown
Victim Organization: Serpa
Victim Site: cm-serpa.pt - Alleged data breach of resana.numerique.gouv.fr
Category: Data Breach
Content: A threat actor is selling an alleged database from the French government platform resana.numerique.gouv.fr, a collaboration tool operated under numerique.gouv.fr. The offered dataset reportedly contains 989,828 complete entries, with a sample available for review.
Date: 2026-05-28T14:15:56Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-FR-resana-numerique-gouv-fr-989k
Screenshots:
1 screenshot(s) available
Threat Actors: xMetah
Victim Country: France
Victim Industry: Government
Victim Organization: Direction Interministérielle du Numérique (DINUM)
Victim Site: resana.numerique.gouv.fr - Alleged data leak of Ledger
Category: Data Leak
Content: A threat actor claims to have leaked a database belonging to Ledger, a cryptocurrency hardware wallet company. The post was shared on a darknet forum under the databases section. No further details regarding record count or data types were provided in the post.
Date: 2026-05-28T14:10:50Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Ledger
Screenshots:
1 screenshot(s) available
Threat Actors: fabriceslaoui
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Ledger
Victim Site: ledger.com - Sale of automated phishing tool with 30+ templates
Category: Phishing
Content: A threat actor is offering an automated phishing tool featuring over 30 templates on a cybercrime forum. The post was authored by kolpak228 on breached.su. No specific victim or pricing details are available from the post content.
Date: 2026-05-28T13:31:22Z
Network: openweb
Published URL: https://breached.su/threads/automated-phishing-tool-with-30-templates.87672/unread
Screenshots:
1 screenshot(s) available
Threat Actors: kolpak228
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Kuningan Regency Government website
Category: Data Breach
Content: A threat actor claims to have extracted data from the Kuningan Regency Government website (kuningankab.go.id) in Indonesia. The dump includes bank account numbers, addresses, city names, and bank names (BTN, BRI), though most fields such as NIK, NIP, NPWP, phones, and emails returned zero results. The post was shared on the Breached forum with a timestamp suggesting recent activity.
Date: 2026-05-28T13:30:38Z
Network: openweb
Published URL: https://breached.su/threads/data-kuningan-kab.87671/unread
Screenshots:
1 screenshot(s) available
Threat Actors: JundXsurcine
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Kuningan Regency Government
Victim Site: kuningankab.go.id - Website Defacement of The Inclusive AI by Attacker Y4NZ404
Category: Defacement
Content: On May 28, 2026, the website theinclusiveai.org was defaced by the attacker known as Y4NZ404, operating without a team affiliation. The attack targeted the homepage of the organization, an AI-focused entity, resulting in a full home page defacement. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-05-28T13:17:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928686
Screenshots:
1 screenshot(s) available
Threat Actors: Y4NZ404, No team
Victim Country: Unknown
Victim Industry: Technology / Artificial Intelligence
Victim Organization: The Inclusive AI
Victim Site: theinclusiveai.org - Alleged website defacement by GHOSTNET-X
Category: Defacement
Content: GHOSTNET-X claims responsibility for defacing marjoriekoyuncu.freshappreviews.com. Post includes threat actor signature and greetings to affiliated groups (Allaliance-x, Allhacktivist, Allaliance).
Date: 2026-05-28T13:15:03Z
Network: telegram
Published URL: https://t.me/Ghostnet_x/46
Screenshots:
2 screenshot(s) available
Threat Actors: GHOSTNET-X
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: marjoriekoyuncu.freshappreviews.com
Victim Site: marjoriekoyuncu.freshappreviews.com - Website Defacement of EBO Fashion Store by Y4NZ404
Category: Defacement
Content: On May 28, 2026, the fashion e-commerce website ebofashion.store was defaced by threat actor Y4NZ404 operating independently without a team affiliation. The attack resulted in a homepage defacement, replacing the sites content with the attackers own messaging. No specific motivation or technical details regarding the server environment were disclosed.
Date: 2026-05-28T13:14:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928687
Screenshots:
1 screenshot(s) available
Threat Actors: Y4NZ404, No team
Victim Country: Unknown
Victim Industry: Retail / Fashion E-Commerce
Victim Organization: EBO Fashion Store
Victim Site: ebofashion.store - Alleged data leak of JINYOUNG Tech Co., Ltd.
Category: Data Leak
Content: A threat actor has freely distributed data allegedly belonging to JINYOUNG Tech Co., Ltd., a South Korean precision manufacturing company. The post includes a screenshot of the data and a Mega.nz download link. The exact record count and data types are not specified in the post.
Date: 2026-05-28T12:30:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-JINYOUNG-Tech-Co-Ltd-Precision-Manufacturing–78167
Screenshots:
1 screenshot(s) available
Threat Actors: Moneyistime
Victim Country: South Korea
Victim Industry: Manufacturing
Victim Organization: JINYOUNG Tech Co., Ltd.
Victim Site: jytkorea.com - Sale of fresh non-VBV debit and credit card list
Category: Carding
Content: A forum user is offering a list of fresh non-VBV debit and credit cards on a dark web forum. The full content is paywalled and requires account registration to view. No specific victim organization or record count is disclosed in the visible portion of the post.
Date: 2026-05-28T12:02:34Z
Network: openweb
Published URL: https://darkpro.net/threads/fresh-non-vbv-debit-credit-cards-list-by-carding-forum.23290/
Screenshots:
1 screenshot(s) available
Threat Actors: CC-GuRu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Philippine Government IDs scraped from government websites
Category: Data Breach
Content: A threat actor is offering for sale over 70,000 Philippine government-issued IDs, including UMIDs, drivers licenses, and other ID types, claimed to have been scraped from Philippine government websites. The seller states the data has not been previously leaked and is open to price negotiation via Telegram.
Date: 2026-05-28T11:55:08Z
Network: openweb
Published URL: https://breached.su/threads/philippines-government-ids-for-sale.87670/unread
Screenshots:
1 screenshot(s) available
Threat Actors: 0xLei
Victim Country: Philippines
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of IdeaBrowser
Category: Data Breach
Content: A threat actor identified as KrolikHacking claims to be selling a database allegedly extracted from IdeaBrowser.com containing over 700,000 user records. The dataset reportedly includes full names, email addresses, and hashed passwords. The seller is offering the data for 5 XMR (negotiable) and states extraction was halted before the full dataset could be obtained.
Date: 2026-05-28T11:34:59Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-SELLING-IDEABROWSER-FULL-DATABASE-OF-ALL-USERS
Screenshots:
1 screenshot(s) available
Threat Actors: KrolikHacking
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: IdeaBrowser
Victim Site: ideabrowser.com - Alleged data breach of Land Transportation Office Philippines
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset of 14 million records stolen from the Philippine Land Transportation Office (lto.gov.ph). The dataset reportedly includes full names, addresses, dates of birth, biometric details, and user images. The seller claims to possess a proof-of-concept 0day exploit on the LTO system to verify the datas authenticity, and is offering exclusive access to a single buyer.
Date: 2026-05-28T11:33:48Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Land-Transportation-Office-lto-gov-ph-PII-Philippines-Breached
Screenshots:
1 screenshot(s) available
Threat Actors: AnthraxSec
Victim Country: Philippines
Victim Industry: Government
Victim Organization: Land Transportation Office
Victim Site: lto.gov.ph - Alleged website defacement by Mr.PIMZZZXploit
Category: Defacement
Content: Multiple websites have been defaced with a message claiming Hacked By Mr.PIMZZZXploit. The defacement content is hosted across numerous compromised domains including subdomains of meatsokogroup.com, outstrip.ba, aaainterpretation.com, and maveesupplementstores.com. A mirror of the defacement is available on hack-db.org.
Date: 2026-05-28T11:26:47Z
Network: telegram
Published URL: https://t.me/BabayoErorSystem2/42
Screenshots:
2 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: meatsokogroup.com, outstrip.ba, aaainterpretation.com, maveesupplementstores.com - Alleged sale of compromised email and account access
Category: Initial Access
Content: Threat actor offering access to compromised email accounts (Hotmail, Yahoo, Gmail) and platform accounts (eBay, Uber, Walmart, Amazon, Reddit, Marriott, Poshmark, etc.) across multiple countries including USA, UK, Canada, France, Belgium, Australia, Netherlands, Poland, Germany, and Japan. Seller claims fresh and valid access with targeting capabilities by keyword.
Date: 2026-05-28T11:22:46Z
Network: telegram
Published URL: https://t.me/c/2613583520/91498
Screenshots:
1 screenshot(s) available
Threat Actors: DataxLogs
Victim Country: United States, United Kingdom, Canada, France, Belgium, Australia, Netherlands, Poland, Germany, Japan
Victim Industry: Multiple (e-commerce, email providers, travel, social platforms)
Victim Organization: Unknown
Victim Site: Unknown - Alleged Unauthorized Access to Private Estate in Ukraine with Doxxing Intent
Category: Cyber Attack
Content: NoName057(16) claims to have gained unauthorized access to CCTV systems of a luxurious private estate in Volyn region, western Ukraine. The group published detailed descriptions and imagery of the property, residents lifestyle, and security infrastructure. The post frames this as exposing corruption of Ukrainian elites during wartime, using political messaging (#OpUkraine, #TimeOfRetribution) to justify the intrusion and doxxing. This represents a cyber attack combined with targeted harassment a…
Date: 2026-05-28T11:20:10Z
Network: telegram
Published URL: https://t.me/c/3087552512/2041
Screenshots:
1 screenshot(s) available
Threat Actors: NoName057(16)
Victim Country: Ukraine
Victim Industry: Residential/Private
Victim Organization: Unknown
Victim Site: Unknown - Alleged cyberattack assignments against Ukraine infrastructure
Category: Cyber Attack
Content: Actor claims to have received assignments to conduct cyberattacks against Ukraine on behalf of Russia, with financial motivation mentioned.
Date: 2026-05-28T11:03:14Z
Network: telegram
Published URL: https://t.me/c/2735908986/4523
Screenshots:
1 screenshot(s) available
Threat Actors: Infrastructure Destruction Squad
Victim Country: Ukraine
Victim Industry: Critical Infrastructure
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of iFood Brazil with extortion threat
Category: Data Breach
Content: A threat actor claims to possess approximately 43.8 million iFood customer records containing CPF numbers, full names, emails, phone numbers, and credit card data. The actor is demanding payment from iFood, threatening to progressively leak the data if contact is not made by June 10. Sample data links were shared on paste.sh to substantiate the claim.
Date: 2026-05-28T10:58:53Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-iFood-Brazil-ifood-com-br
Screenshots:
1 screenshot(s) available
Threat Actors: bacen
Victim Country: Brazil
Victim Industry: Food Delivery / Technology
Victim Organization: iFood
Victim Site: ifood.com.br - Alleged data leak of teamplus.tech (e8d-TW)
Category: Data Leak
Content: A threat actor claims to have breached teamplus.tech and is freely distributing internal data, system information, and other materials via a hidden download link on a breach forum. The post characterizes the intrusion as retaliatory and asserts that the victims security controls were ineffective. The exact contents and volume of the leaked data are not specified.
Date: 2026-05-28T10:56:54Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-FREE-e8d-TW-teamplus-tech
Screenshots:
1 screenshot(s) available
Threat Actors: tojode9265
Victim Country: Taiwan
Victim Industry: Technology
Victim Organization: TeamPlus
Victim Site: teamplus.tech - Alleged data leak of Bekasi city residents from bekasi.go.id
Category: Data Leak
Content: A threat actor has freely shared what is claimed to be a database of Bekasi city residents sourced from bekasi.go.id. The leaked data includes national identity numbers (NIK), full names, gender, date of birth, phone numbers, and full addresses. The record count is not explicitly stated, though sample entries suggest a large dataset.
Date: 2026-05-28T10:18:01Z
Network: openweb
Published URL: https://breached.su/threads/database-warga-bekaso-go-id.87664/unread
Screenshots:
11 screenshot(s) available
Threat Actors: RanzXZ
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Bekasi City Government
Victim Site: bekasi.go.id - Alleged Data Leak of Bekasi Regional Government Resident Database
Category: Data Leak
Content: A threat actor known as RanzXZ claims to have freely shared a database from bekasi.go.id, the official website of the Bekasi regional government in Indonesia. The leaked data includes national identity numbers (NIK), full names, gender, date of birth, phone numbers, and full residential addresses of Bekasi residents. The post includes sample records and the data appears to be structured citizen registry information.
Date: 2026-05-28T10:17:18Z
Network: openweb
Published URL: https://breached.su/threads/database-warga-bekasi-go-id.87665/unread
Screenshots:
4 screenshot(s) available
Threat Actors: RanzXZ
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Pemerintah Kota Bekasi (Bekasi Regional Government)
Victim Site: bekasi.go.id - Alleged container escape vulnerability in Google Cloud Shell
Category: Vulnerability
Content: A security researcher published a technical analysis of Google Cloud Shells internal mechanisms, describing enumeration of the containerized environment and identification of indicators suggesting a container escape vulnerability. The post details discovery of a Docker container running an Ubuntu userland over a ChromeOS kernel within a Kubernetes-orchestrated environment, with root access already present. The research was reportedly conducted under Google Clouds vulnerability reward program.
Date: 2026-05-28T09:49:07Z
Network: openweb
Published URL: https://tier1.life/thread/267
Screenshots:
17 screenshot(s) available
Threat Actors: RedQueen
Victim Country: United States
Victim Industry: Technology
Victim Organization: Google
Victim Site: cloud.google.com - Alleged sale of compromised TikTok and SHEIN business accounts
Category: Initial Access
Content: Threat actor offering to sell compromised TikTok US personal accounts, TikTok US Store LLC accounts with violation appeal status, and SHEIN self-operated LLC accounts across multiple categories. Pricing ranges from 100-800 USDT. Accounts include bulk TikTok video accounts with 500,000+ followers. Contact via Telegram handle provided.
Date: 2026-05-28T08:35:53Z
Network: telegram
Published URL: https://t.me/c/2613583520/91400
Screenshots:
1 screenshot(s) available
Threat Actors: pipl1on33uku
Victim Country: United States
Victim Industry: social media, e-commerce
Victim Organization: TikTok, SHEIN
Victim Site: tiktok.com, shein.com - Alleged sale of compromised TikTok and SHEIN accounts
Category: Initial Access
Content: Threat actor offering to sell verified TikTok US personal accounts, TikTok US store accounts with violation appeals passed, SHEIN self-operated LLC accounts, and bulk TikTok accounts with 500k+ followers. Prices range from 100-800 USDT. Contact via Telegram @pipl1on33uku.
Date: 2026-05-28T07:38:54Z
Network: telegram
Published URL: https://t.me/c/2613583520/91374
Screenshots:
1 screenshot(s) available
Threat Actors: pipl1on33uku
Victim Country: United States
Victim Industry: Social Media, E-commerce
Victim Organization: TikTok, SHEIN
Victim Site: Unknown - Alleged data leak of sensitive documents from Indonesian Ministry of Home Affairs (ppid.kemendagri.go.id)
Category: Data Leak
Content: A threat actor operating under the handle SHENHAXSEC has freely leaked sample sensitive documents allegedly originating from the Indonesian Ministry of Home Affairs public information portal (ppid.kemendagri.go.id). The documents were shared without charge on a cybercrime forum. No further details regarding the volume or specific nature of the documents were provided.
Date: 2026-05-28T07:34:50Z
Network: openweb
Published URL: https://breached.su/threads/free-leaked-sensitive-document-from-ppid-kemendagri-go-id-shenhaxsec.87662/unread
Screenshots:
1 screenshot(s) available
Threat Actors: ruiixh4xor_
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Ministry of Home Affairs Indonesia
Victim Site: ppid.kemendagri.go.id - Alleged sale of Amazon account bypass tool
Category: Initial Access
Content: Threat actor offering a bypass tool or method targeting Amazon accounts. The post indicates availability of 1x bypass for Amazon.com with accompanying photo evidence.
Date: 2026-05-28T07:06:12Z
Network: telegram
Published URL: https://t.me/c/2315649855/380
Screenshots:
2 screenshot(s) available
Threat Actors: CASH NETWORK
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Amazon
Victim Site: amazon.com - Mass and Redefacement of anwarulharomain.com by Adam Novice of Black Elerone Team
Category: Defacement
Content: On May 28, 2026, threat actor Adam Novice operating under the Black Elerone Team conducted a mass and repeated defacement of anwarulharomain.com, a site associated with an Islamic religious organization. The attack targeted a Linux-based web server and represents both a mass defacement campaign and a redefacement of a previously compromised target. A mirror of the defacement has been archived at haxor.id.
Date: 2026-05-28T06:25:05Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249669
Screenshots:
1 screenshot(s) available
Threat Actors: Adam Novice, black elerone team
Victim Country: Unknown
Victim Industry: Religious/Islamic Organization
Victim Organization: Anwarul Haromain
Victim Site: anwarulharomain.com - Mass Website Defacement of Indonesian Educational Institution by Black Elerone Team
Category: Defacement
Content: On May 28, 2026, a threat actor known as Adam Novice, operating under the Black Elerone Team, conducted a mass defacement attack against an Indonesian vocational school website hosted on a Linux server. This incident is identified as a re-defacement, indicating the target had been previously compromised, and is part of a broader mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-28T06:23:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249670
Screenshots:
1 screenshot(s) available
Threat Actors: Adam Novice, black elerone team
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMK Smart Al-Muhsin
Victim Site: www.indocentris.smksmart-almuhsin.sch.id - Alleged data breach of Prottech exposing 300+ researchers personal information
Category: Data Breach
Content: Threat actor group Gladiator God (گلادیاتور خدا) claimed responsibility for exposing personal information of over 300 scientists and researchers from US biotechnology company Prottech. Exposed data reportedly includes names, phone numbers, and physical locations. The group issued threats to target technology companies, universities, and financial institutions of countries supporting specific geopolitical positions.
Date: 2026-05-28T06:23:09Z
Network: telegram
Published URL: https://t.me/c/1283513914/21955
Screenshots:
2 screenshot(s) available
Threat Actors: Gladiator God
Victim Country: United States
Victim Industry: Biotechnology
Victim Organization: Prottech
Victim Site: Unknown - Mass defacement of Indonesian vocational school website by Adam Novice of Black Elerone Team
Category: Defacement
Content: On May 28, 2026, a threat actor known as Adam Novice, operating under the Black Elerone Team, conducted a mass defacement targeting the Indonesian vocational school SMK Ampari. The attack compromised the schools news section at smk-ampari.sch.id/berita on a Linux-based server. This incident was part of a broader mass defacement campaign, with a mirror of the defaced page archived at haxor.id.
Date: 2026-05-28T06:17:23Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249668
Screenshots:
1 screenshot(s) available
Threat Actors: Adam Novice, black elerone team
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMK Ampari
Victim Site: www.smk-ampari.sch.id - Sale of alleged database from Chinese forum Pincong (pincong.rock) with 65K+ user records
Category: Data Breach
Content: A threat actor is selling an alleged database from the Chinese forum Pincong (pincong.rock) containing over 65,000 user records including UIDs, usernames, and passwords, priced at 2,700 USDT. The seller claims the credentials can be used to access 10,000+ email accounts on Gmail, Hotmail, and Outlook via credential stuffing. A sample is available upon request via private message or Telegram.
Date: 2026-05-28T06:13:51Z
Network: openweb
Published URL: https://cracked.st/Thread-Sale-pincong-rock-databases-65k-usrename-password–2100417
Screenshots:
2 screenshot(s) available
Threat Actors: Illarion
Victim Country: China
Victim Industry: Online Community / Forum
Victim Organization: Pincong
Victim Site: pincong.rock - Alleged sale of compromised TikTok and SHEIN business accounts
Category: Initial Access
Content: Threat actor offering to sell compromised TikTok US personal accounts, TikTok US LLC store accounts with violation appeals passed, and SHEIN self-operated LLC accounts across multiple categories. Pricing ranges from 300-800 USDT. Services include bulk TikTok accounts with 500k+ followers and escrow arrangements.
Date: 2026-05-28T06:04:50Z
Network: telegram
Published URL: https://t.me/c/2613583520/91313
Screenshots:
1 screenshot(s) available
Threat Actors: pipl1on33uku
Victim Country: United States
Victim Industry: Social Media, E-commerce
Victim Organization: TikTok, SHEIN
Victim Site: Unknown - Alleged data leak of two Thai companies
Category: Data Leak
Content: A threat actor claims to have leaked databases belonging to two companies based in Thailand. No further details regarding the organizations, record counts, or data types were provided in the post.
Date: 2026-05-28T05:28:07Z
Network: openweb
Published URL: https://breached.su/threads/2-database-company-thailand-leaked.87660/unread
Screenshots:
1 screenshot(s) available
Threat Actors: zarrk
Victim Country: Thailand
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Partainasdem.id – Database leak distributed
Category: Data Leak
Content: A user claiming to be from threat actor group C10F/x404 is distributing a leaked database allegedly from Partainasdem.id (Indonesian organization) in PDF and ZIP formats via MEGA file sharing service. The content is being shared for free.
Date: 2026-05-28T05:09:04Z
Network: telegram
Published URL: https://t.me/C10Fx404/86
Screenshots:
2 screenshot(s) available
Threat Actors: C10F
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Partainasdem.id
Victim Site: partainasdem.id - Alleged Data Leak of Poll Worker PII from Exposed AWS S3 Bucket Affecting 14 US States
Category: Data Leak
Content: A threat actor claims to have discovered and exfiltrated files from an unprotected Amazon S3 bucket belonging to Easy Vote, an election poll worker training company based in Georgia. The exposed files allegedly contained PII of poll workers across 14 US states, including Social Security Numbers, tax forms (W2/W4), and personal details such as family members and doctors. The actor states the data was subsequently shared publicly via a link posted to Raid Forums, where it attracted media attenti
Date: 2026-05-28T04:59:11Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-A-bunch-of-files-from-the-lovely-State-of-Georgia-The-state-Trump-LOST-to-Biden
Screenshots:
1 screenshot(s) available
Threat Actors: OriginalCrazyOldFart
Victim Country: United States
Victim Industry: Government
Victim Organization: Easy Vote
Victim Site: Unknown - Alleged data breach of India Nationwide Identity Dataset (HITEK) — 850 million Aadhaar-linked records
Category: Data Breach
Content: A threat actor is offering a 109 GB dataset purportedly containing 850 million Aadhaar-linked identity records from India, marketed as Full PII / Telecom-Linked Aadhaar Records. The dataset allegedly includes names, Aadhaar numbers, full addresses, mobile numbers, and email addresses in JSON format. Access requires payment of forum points, suggesting the data is being sold rather than freely distributed.
Date: 2026-05-28T04:56:09Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-850M-India-Nationwide-Identity-Dataset-HITEK-109-GB
Screenshots:
1 screenshot(s) available
Threat Actors: deb163
Victim Country: India
Victim Industry: Government
Victim Organization: HITEK
Victim Site: Unknown - Alleged data leak of BKPSDM Karangasem Regency (bkpsdm.karangasemkab.go.id)
Category: Data Leak
Content: A threat actor operating under the alias RanzXZ has leaked a database allegedly belonging to BKPSDM Karangasem Regency, an Indonesian regional civil service agency. The data was made freely available via a Google Drive link on the Breached forum. No record count or data fields were specified in the post.
Date: 2026-05-28T04:54:03Z
Network: openweb
Published URL: https://breached.su/threads/database-bkpsdm-karangasemkab-go-id.87659/unread
Screenshots:
1 screenshot(s) available
Threat Actors: RanzXZ
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: BKPSDM Karangasem Regency
Victim Site: bkpsdm.karangasemkab.go.id - Alleged sale of stolen accounts, RDP access, and credential databases on Squad Chat Marketplace
Category: Initial Access
Content: Multiple threat actors advertising illegal goods on Squad Chat Marketplace including: stolen TikTok and SHEIN accounts, fresh credential databases from multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT), RDP access for Azure/AWS/DigitalOcean, stolen email accounts (Gmail, Yahoo, domain mail), and GitHub student accounts. Boss Shop advertising fresh credit card data with daily updates. USDT money laundering schemes also present.
Date: 2026-05-28T04:15:29Z
Network: telegram
Published URL: https://t.me/c/2613583520/91255
Screenshots:
2 screenshot(s) available
Threat Actors: Boss Shop
Victim Country: Multiple countries
Victim Industry: Technology, E-commerce, Cloud Services
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of South Jakarta City residents database
Category: Data Leak
Content: A threat actor known as Mr. Hanz Xploit claims to have leaked a database containing personal information of residents of South Jakarta City, Indonesia. The database is being distributed for free on a cybercrime forum. A sample was included in the post, though the total record count was not specified.
Date: 2026-05-28T03:51:53Z
Network: openweb
Published URL: https://breached.su/threads/leaked-residents-of-south-jakarta-city.87658/unread
Screenshots:
3 screenshot(s) available
Threat Actors: Mr. Hanz Xploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: South Jakarta City Administration
Victim Site: Unknown - Alleged data leak of pa-gunungsitoli.go.id (Indonesian Government Court)
Category: Data Leak
Content: A threat actor leaked a database from the Indonesian government court website pa-gunungsitoli.go.id. The dump includes personnel records with fields such as full name, national ID number (NIP), place and date of birth, position, and photo links. The data was shared freely on the Breached forum.
Date: 2026-05-28T03:17:50Z
Network: openweb
Published URL: https://breached.su/threads/database-pa-gunungsitoli-go-id.87656/unread
Screenshots:
3 screenshot(s) available
Threat Actors: zyvra
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Pengadilan Agama Gunungsitoli
Victim Site: pa-gunungsitoli.go.id - Alleged data leak of SMK Islamic Centre Indonesia
Category: Data Leak
Content: A threat actor leaked a database dump attributed to smkislamiccentre.sch.id, an Indonesian Islamic vocational school. The exposed data includes student records with full names, gender, class, date of birth, home address, and photo file paths from the data_anggota table. The post was shared freely on a public breach forum.
Date: 2026-05-28T03:17:14Z
Network: openweb
Published URL: https://breached.su/threads/dbs-smkislamiccentre-sch-id.87657/unread
Screenshots:
3 screenshot(s) available
Threat Actors: zyvra
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMK Islamic Centre
Victim Site: smkislamiccentre.sch.id - Alleged data leak of PSHT martial arts organization member records
Category: Data Leak
Content: A threat actor has freely leaked a dataset allegedly containing member records of PSHT (Persaudaraan Setia Hati Terate), a major Indonesian pencak silat organization with approximately 7 million members worldwide. The dataset, covering 2021–2022, includes fields such as full name, gender, date of birth, religion, occupation, address, phone number, and membership details. The actor claims a more recent 2023–2026 version will be released subsequently.
Date: 2026-05-28T02:45:05Z
Network: openweb
Published URL: https://breached.su/threads/indonesia-psht-martial-arts-members-data.87655/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Akasha
Victim Country: Indonesia
Victim Industry: Sports & Recreation
Victim Organization: Persaudaraan Setia Hati Terate (PSHT)
Victim Site: Unknown - Sale of US Oil & Gas Industry Database with 29K+ Company and Executive Records
Category: Data Breach
Content: A threat actor is selling a structured database containing 29,000+ records tied to US Oil & Gas industry companies and executives. The dataset includes company names, business addresses, phone numbers, executive names and titles, employee size, revenue details, and NAICS/SIC codes. The post markets the data for B2B lead generation and energy sector outreach.
Date: 2026-05-28T02:24:09Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-USA-Oil-Gas-Industry-Database-29K-Records
Screenshots:
1 screenshot(s) available
Threat Actors: Vyntra
Victim Country: United States
Victim Industry: Energy
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Ducati Valencia by DimasHxR
Category: Defacement
Content: On May 28, 2026, the website of Ducati Valencia, a Spanish Ducati motorcycle dealership, was defaced by a threat actor operating under the handle DimasHxR. The defacement targeted a media/custom directory path rather than the homepage, indicating a targeted subdirectory compromise. The attacker does not appear to be affiliated with any known defacement group at this time.
Date: 2026-05-28T02:19:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928623
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Spain
Victim Industry: Automotive / Motorsports Retail
Victim Organization: Ducati Valencia
Victim Site: ducativalencia.es - Website Defacement of French Pharmacy by DimasHxR
Category: Defacement
Content: On May 28, 2026, a threat actor identified as DimasHxR defaced a subdirectory or mobile page of pharmacie-saintecatherine.fr, a French pharmacy website. The attack was a targeted single-site defacement with no team affiliation reported. Technical details regarding the server environment and attack vector were not disclosed.
Date: 2026-05-28T02:16:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928631
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: France
Victim Industry: Healthcare / Pharmacy
Victim Organization: Pharmacie Sainte-Catherine
Victim Site: pharmacie-saintecatherine.fr - Website Defacement of VacuumSpot by DimasHxR
Category: Defacement
Content: On May 28, 2026, the Australian e-commerce website VacuumSpot (vacuumspot.com.au) was defaced by a threat actor operating under the handle DimasHxR. The defacement targeted a subdirectory within the sites media path, suggesting potential exploitation of a content management or file upload vulnerability. The attacker does not appear to be affiliated with any known group, and no specific motive was declared.
Date: 2026-05-28T02:14:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928643
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Retail / E-commerce
Victim Organization: VacuumSpot
Victim Site: vacuumspot.com.au - Alleged offer of compromised multi-location servers for social media targeting
Category: Initial Access
Content: Post offering 31 multi-location servers with fast connectivity allegedly suitable for targeting social media networks. Operator identified as Irancell (Iranian ISP). Infrastructure appears intended for malicious cyber operations.
Date: 2026-05-28T01:38:31Z
Network: telegram
Published URL: https://t.me/c/3575098403/214
Screenshots:
1 screenshot(s) available
Threat Actors: APT IRAN
Victim Country: Iran
Victim Industry: Technology/Social Media
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of IBM
Category: Data Leak
Content: A threat actor affiliated with AnkaTeam claims to have leaked a database dump from ibm.com containing 681,868 user records. The dataset allegedly includes personally identifiable information such as names, location data, gender, income, marital status, loyalty program details, and customer lifetime value. The data was shared freely on a Turkish hacking forum.
Date: 2026-05-28T01:27:56Z
Network: openweb
Published URL: https://www.turkhackteam.org/konular/ibm-com-651k-database-leak-ankateam.2083005/
Screenshots:
2 screenshot(s) available
Threat Actors: ‘SALDIRGAN
Victim Country: United States
Victim Industry: Technology
Victim Organization: IBM
Victim Site: ibm.com - Sale of fullz, stolen documents, dumps with PIN, and PII datasets
Category: Carding
Content: A threat actor is selling a wide range of stolen personal data and fraudulent documents including fullz (SSN, DOB, DL), dumps with PIN (Track 101 & 202), tax return records, KYC-bypass documents, and targeted leads across multiple countries. Offerings include kids fullz, Medicare leads, bank statements, and identity documents with selfies and videos. The seller claims 24/7 availability and large-quantity database access across numerous countries.
Date: 2026-05-28T01:25:22Z
Network: openweb
Published URL: https://crackingx.com/threads/76879/
Screenshots:
1 screenshot(s) available
Threat Actors: silasclark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Indonesian social assistance recipients database
Category: Data Leak
Content: A threat actor shared a database allegedly containing records of recipients of cash social assistance (BST) and free flat land programs administered by the Indonesian government. The data was made available for free on the Breached forum. No specific source organization or record count was disclosed in the post.
Date: 2026-05-28T01:22:44Z
Network: openweb
Published URL: https://breached.su/threads/database-of-list-of-recipients-of-cash-social-assistance-bst-free-flat-land.87654/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Mrsawit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Hong Kong mobile consumer database with 1M+ records
Category: Data Breach
Content: A threat actor is offering a Hong Kong mobile consumer database containing over 1 million structured records in Excel/CSV format. The dataset reportedly includes mobile numbers, carrier information, device models, usernames, and detailed address fields including street, block, and region data. The seller is advertising the data via Breachforums and a Telegram channel for B2B/B2C lead generation purposes.
Date: 2026-05-28T01:07:51Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Hong-Kong-Mobile-Consumer-Database-1M-Records
Screenshots:
1 screenshot(s) available
Threat Actors: Vyntra
Victim Country: Hong Kong
Victim Industry: Telecommunications
Victim Organization: Unknown
Victim Site: Unknown - Sale of compromised Cash App, Apple Pay, PayPal, and Zelle linked accounts and transfer services
Category: Carding
Content: A threat actor is offering compromised Cash App, Apple Pay, PayPal, and Zelle linkable accounts for sale, advertising fraudulent fund transfers at a fraction of the account balance. The seller claims transfers are completed within 25 minutes of payment and accepts Bitcoin as payment. Contact is solicited via Telegram.
Date: 2026-05-28T01:05:19Z
Network: openweb
Published URL: https://nulledbb.com/thread-Cash-App-Apple-Pay-linkables-moving-crazy–2302856
Screenshots:
1 screenshot(s) available
Threat Actors: Gogetit62
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of Argentine credit card data and banking credentials from undisclosed major company
Category: Carding
Content: A threat actor claims to have compromised the database of an undisclosed major Argentine company, obtaining customer credit card data, home banking credentials, and CVUs/CBUs. The actor is offering the data for sale via Signal and Telegram, advertising fresh credit cards and the ability to launder funds using CVUs and CBUs with cryptocurrency.
Date: 2026-05-28T00:24:04Z
Network: openweb
Published URL: https://cracked.st/Thread-ARGENTINA-CC-LEAK-BANKS
Screenshots:
1 screenshot(s) available
Threat Actors: byblank
Victim Country: Argentina
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Alleged defacement of aivrasol.com by Mr.PIMZZZXploit
Category: Defacement
Content: Website defacement claimed by threat actor Mr.PIMZZZXploit. Defaced site at https://duck.aivrasol.com with mirror hosted at https://hack-db.org/mirror/137898
Date: 2026-05-28T00:13:51Z
Network: telegram
Published URL: https://t.me/BabayoErorSystem2/39
Screenshots:
2 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: aivrasol.com
Victim Site: aivrasol.com