[May-30-2026] Daily Cybersecurity Threat Report

Posted on May 30, 2026May 30, 2026

Daily Cybersecurity Threat Report Download

Detected Incidents Draft Data – 2026-05-30 (run date)

Alleged data breach of Hinge dating app
Category: Data Breach
Content: A threat actor is selling an alleged full database dump of Hinge dating app users, claiming 8 million records. The dataset is offered for $400 with a sample posted externally. Payment is accepted in multiple cryptocurrencies.
Date: 2026-05-30T03:55:02Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-HINGE-DATING-APP-FULL-DATABASE
Screenshots:
1 screenshot(s) available
Threat Actors: nilojeda
Victim Country: United States
Victim Industry: Technology
Victim Organization: Hinge
Victim Site: hinge.co
Alleged data breach of Synkli and TheKalculators Australia
Category: Data Breach
Content: A forum post on a dark web database-sharing forum references Synkli and TheKalculators Australia in a databases section, suggesting a potential data breach or leak involving these Australian entities. No post content was available to confirm specific details, data types, or record counts.
Date: 2026-05-30T03:22:04Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78333
Screenshots:
1 screenshot(s) available
Threat Actors: Tanaka
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Synkli and TheKalculators
Victim Site: Unknown
Website Defacement of ffufuturo.com by CiaoxD_ of Brotherhood Capung Indonesia
Category: Defacement
Content: On May 30, 2026, the website ffufuturo.com was defaced by threat actor CiaoxD_, operating under the hacktivist group Brotherhood Capung Indonesia. The attack targeted the homepage of the site in a single, non-mass defacement operation. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-30T03:06:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929832
Screenshots:
1 screenshot(s) available
Threat Actors: CiaoxD_, Brotherhood Capung Indonesia
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: FFU Futuro
Victim Site: ffufuturo.com
Alleged website defacement of amirthamfood.com by GHOSTNET-X
Category: Defacement
Content: GHOSTNET-X claims responsibility for defacing amirthamfood.com. A defacement file (ghostnet-x.html) was allegedly uploaded to the WordPress uploads directory. The actor left greetings to associated groups (#Ghostnet-x, #Allhacktivist, #Allaliance).
Date: 2026-05-30T02:42:45Z
Network: telegram
Published URL: https://t.me/Ghostnet_x/67
Screenshots:
1 screenshot(s) available
Threat Actors: GHOSTNET-X
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Amirtham Food
Victim Site: amirthamfood.com
Alleged sale of access to Server Heaven database storage
Category: Initial Access
Content: Threat actor offering paid access to a database server storage system named Server Heaven with tiered pricing ranging from $1,500 USD for 3 months to $10,000 USD for 1 year. Contact handle provided: @node6240
Date: 2026-05-30T02:05:51Z
Network: telegram
Published URL: https://t.me/c/3500620464/8849
Screenshots:
3 screenshot(s) available
Threat Actors: node6240
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Server Heaven
Victim Site: Unknown
Website Defacement of CFRD Nepal by 0xSHALL of FOURSDEATH TEAM
Category: Defacement
Content: On May 30, 2026, the threat actor 0xSHALL, operating under the group FOURSDEATH TEAM, defaced a page on cfrdnepal.org.np, a Nepalese non-profit organization website. The attack was a targeted single-page defacement rather than a mass or home page defacement. No specific motive was publicly stated for the intrusion.
Date: 2026-05-30T02:05:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929827
Screenshots:
1 screenshot(s) available
Threat Actors: 0xSHALL, FOURSDEATH TEAM
Victim Country: Nepal
Victim Industry: Non-Profit / Civil Society
Victim Organization: Centre for Resilience and Development Nepal (CFRD Nepal)
Victim Site: cfrdnepal.org.np
Alleged ShinyHunters Data Repository Access Sale
Category: Data Leak
Content: ShinyHunters threat group advertising a Files Cloud repository containing 8.9 million files related to hacking operations. Group is soliciting subscriptions at approximately $1,000 USD for access. Contact handle provided as unc6040 (@node6240). Repository claimed to contain complete data from their operations.
Date: 2026-05-30T02:02:56Z
Network: telegram
Published URL: https://t.me/c/3500620464/8848
Screenshots:
2 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Travel-Unwrapped by 0xSHALL (FOURSDEATH TEAM)
Category: Defacement
Content: On May 30, 2026, threat actor 0xSHALL operating under the group FOURSDEATH TEAM defaced a page on travel-unwrapped.co.uk, a UK-based travel website. The attack targeted a specific subpage (zxc.htm) rather than the homepage, indicating a targeted page-level defacement. No specific motivation or technical details were disclosed in the available intelligence.
Date: 2026-05-30T02:02:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929825
Screenshots:
1 screenshot(s) available
Threat Actors: 0xSHALL, FOURSDEATH TEAM
Victim Country: United Kingdom
Victim Industry: Travel and Tourism
Victim Organization: Travel Unwrapped
Victim Site: travel-unwrapped.co.uk
Website Defacement of The Ocean Republic by 0xSHALL (FOURSDEATH TEAM)
Category: Defacement
Content: On May 30, 2026, the website theoceanrepublic.com was defaced by threat actor 0xSHALL, operating under the group FOURSDEATH TEAM. The attack targeted a non-homepage URL within the sites sitemap directory. The defacement was an isolated, single-target incident with no mass or repeated defacement indicators reported.
Date: 2026-05-30T02:00:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929826
Screenshots:
1 screenshot(s) available
Threat Actors: 0xSHALL, FOURSDEATH TEAM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: The Ocean Republic
Victim Site: theoceanrepublic.com
Alleged sale of private cloud server access
Category: Initial Access
Content: Threat actor offering private access to cloud servers for approximately $10,000 USD per year. Claims to provide downloadable access to server data. Includes contact information via Telegram channels and support accounts. A session ID is provided for verification purposes.
Date: 2026-05-30T01:36:52Z
Network: telegram
Published URL: https://t.me/c/3500620464/8840
Screenshots:
1 screenshot(s) available
Threat Actors: Mystery Hunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of a0tec.edu.vn by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 30, 2026, the Vietnamese educational website a0tec.edu.vn was defaced by threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM. The attack targeted a Linux-based server hosting the educational domain. The incident was a single targeted defacement, not part of a mass or repeated defacement campaign.
Date: 2026-05-30T01:20:57Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249702
Screenshots:
1 screenshot(s) available
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Vietnam
Victim Industry: Education
Victim Organization: A0TEC Educational Institution
Victim Site: a0tec.edu.vn
Alleged data breach of Keybe.ai exposing 1.9 million customer leads
Category: Data Breach
Content: A threat actor claims to have obtained the full customer leads database of Keybe, an AI platform, following an alleged intrusion in May 2026. The dataset contains approximately 1,919,063 CSV records including names, emails, phone numbers, cities, service details, and agent interaction metadata, predominantly from Colombian users. Sample records and column headers were shared as evidence.
Date: 2026-05-30T00:21:02Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78325
Screenshots:
1 screenshot(s) available
Threat Actors: zSenior
Victim Country: Colombia
Victim Industry: Technology
Victim Organization: Keybe
Victim Site: keybe.ai

Detected Incidents Draft Data – 2026-05-29 (day before)

Website defacement of Ukrainian school by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 30, 2026, threat actor Mr.XycanKing, operating under the team BABAYO EROR SYSTEM, defaced the website of School No. 6 in Shostka, Ukraine. The targeted site is hosted on a Linux server and operates under the Ukrainian government domain. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-05-29T23:57:10Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249701
Screenshots:
1 screenshot(s) available
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Ukraine
Victim Industry: Education
Victim Organization: School No. 6 Shostka
Victim Site: school6.shostka-rada.gov.ua
Alleged data leak of Telegai.com user database
Category: Data Leak
Content: A threat actor has freely shared an alleged database dump of Telegai.com containing approximately 2,500 user records. The leaked data includes user IDs, usernames, email addresses, account metadata, subscription details, and activity flags. The data was made available via a public download link.
Date: 2026-05-29T22:51:31Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Telegai-com-all-users
Screenshots:
1 screenshot(s) available
Threat Actors: yeblan
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Telegai
Victim Site: telegai.com
Alleged leak of JMIC classified military advisory on US operations in Strait of Hormuz
Category: Data Leak
Content: A document purporting to be a classified advisory memorandum (005-26) from the Joint Maritime Information Center (JMIC) dated May 29, 2026, issued via UKMTO, warning of imminent US military operations in the Strait of Hormuz near the Musandam Peninsula, has been leaked and shared in this channel.
Date: 2026-05-29T22:39:19Z
Network: telegram
Published URL: https://t.me/c/2189724818/8568
Screenshots:
2 screenshot(s) available
Threat Actors: {شهابا رصدا} مــرقــب ⭕️
Victim Country: United Kingdom
Victim Industry: Government/Military
Victim Organization: Joint Maritime Information Center (JMIC)
Victim Site: Unknown
Mass Website Defacement of Malaysian Educational Institution by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 30, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement campaign targeting easkill.edu.my, a Malaysian educational institution. The attack was carried out against a Windows Server 2016 host and is classified as a mass defacement operation. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-29T22:38:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249700
Screenshots:
1 screenshot(s) available
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Malaysia
Victim Industry: Education
Victim Organization: eaSkill
Victim Site: easkill.edu.my
Sale of alleged data breach of BLS International including source code, biometric data, and server access
Category: Data Breach
Content: A threat actor is selling an alleged 52GB compressed dataset from BLS International, a visa and passport processing firm. The offering claims to include MySQL and root server access, SSH private keys, Amazon S3 bucket dumps, source code, biometric data (passport scans, liveness videos), and PII spanning approximately 29 million rows. The actor also claims possession of API, SMTP, and SMS keys from the victims infrastructure.
Date: 2026-05-29T22:20:55Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-BLS-INTERNATIONAL-DATABASES-Source-Codes-SSH-Private-Keys-52GB-compressed
Screenshots:
5 screenshot(s) available
Threat Actors: scatt3r
Victim Country: India
Victim Industry: Government
Victim Organization: BLS International
Victim Site: blsinternational.com
Alleged sale of 14 million Spanish IBAN records with personal financial data
Category: Data Breach
Content: Threat actors claiming to be Shinyhunters and LAPSUS are selling access to a dataset containing 14 million Spanish IBAN records. The data includes first names, last names, cities, phone numbers, IBANs, and bank names. Price listed at $1420 USD. Contact via @node6240 and provided contact details (XMPP, email, Session ID).
Date: 2026-05-29T21:52:05Z
Network: telegram
Published URL: https://t.me/c/3500620464/8833
Screenshots:
1 screenshot(s) available
Threat Actors: Shinyhunters
Victim Country: Spain
Victim Industry: Financial/Banking
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of SnailSearch personal records database
Category: Data Leak
Content: A threat actor has freely distributed a 2.6 GB archive of files associated with SnailSearch, a legacy personal records database service built by David Gray. The files, referred to as VITALS files, reportedly contain personal data including drivers license records, dates of birth, ZIP codes, names, and addresses. The actor states they withheld files containing drivers licenses with SSNs but included other personally identifiable records in CSV and Access database formats.
Date: 2026-05-29T21:43:34Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-The-rest-of-the-VITALS-files-for-SnailSearch
Screenshots:
1 screenshot(s) available
Threat Actors: OriginalCrazyOldFart
Victim Country: United States
Victim Industry: Unknown
Victim Organization: SnailSearch
Victim Site: Unknown
Sale of Multiple Moroccan Government and Corporate Databases
Category: Data Breach
Content: A threat actor is selling multiple Moroccan databases allegedly dumped by PKA291, including government entities such as the Ministry of Justice (2 million documents, 150K lawsuit cases), NARSA (2 million lines), RADEM MAROC (1.1 million documents), and OFPPT (400K lines), as well as corporate databases including delivery companies (8 million lines) and an insurance company with initial access offered separately. Prices range from $300 to $3,000 per database, with a bundle offer of $5,500 USD.
Date: 2026-05-29T21:40:16Z
Network: openweb
Published URL: https://breached.su/threads/moroccan-dbs-all-types-fresh.87719/unread
Screenshots:
1 screenshot(s) available
Threat Actors: anisanas2
Victim Country: Morocco
Victim Industry: Government
Victim Organization: Multiple Organizations including Ministry of Justice, NARSA, RADEM MAROC, OFPPT
Victim Site: Unknown
Alleged Cisco data breach including source code, credentials, and confidential documents
Category: Data Breach
Content: Threat actors claiming to have compromised Cisco systems and stolen extensive data including GitHub/GitLab projects, source code, hardcoded credentials, SSL certificates, customer SRCs, Jira tickets, API tokens, AWS private buckets, Azure storage buckets, private/public keys, and Cisco confidential documents. Data is being offered for sale on breachforu.ms forum.
Date: 2026-05-29T21:37:12Z
Network: telegram
Published URL: https://t.me/c/3500620464/8837
Screenshots:
1 screenshot(s) available
Threat Actors: Shinyhunters
Victim Country: Unknown
Victim Industry: Technology/Networking
Victim Organization: Cisco
Victim Site: cisco.com
Mass and Repeated Website Defacement of Jalaluddin Educational Institution by BABAYO EROR SYSTEM
Category: Defacement
Content: Threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement attack against jalaluddin.edu.mv, a Maldivian educational institution. This incident is classified as both a mass defacement and a redefacement, indicating the site had been previously compromised by the same or affiliated actors. The attack targeted a Linux-based web server on May 30, 2026, with an archived mirror preserved at haxor.id.
Date: 2026-05-29T21:32:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249699
Screenshots:
1 screenshot(s) available
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Maldives
Victim Industry: Education
Victim Organization: Jalaluddin School
Victim Site: jalaluddin.edu.mv
Alleged data breach of Les CROUS (French student organization) – 1.9M records leaked
Category: Data Breach
Content: Shinyhunters and LAPSUS threat actors claim to have breached Les CROUS, a French public organization managing student scholarships, housing, and dining services. The alleged breach includes 1.9 million lines of data across 329,000 documents (198GB total). Exposed data includes personal information, ID cards, passports, school certificates, payslips, and booking records with names, emails, and contact details. Proof of breach provided via image galleries showing sample data and booking records.
Date: 2026-05-29T21:17:42Z
Network: telegram
Published URL: https://t.me/c/3500620464/8828
Screenshots:
1 screenshot(s) available
Threat Actors: Shinyhunters
Victim Country: France
Victim Industry: Education/Student Services
Victim Organization: Les CROUS
Victim Site: Unknown
Alleged data breach of Russian Federal State Autonomous Institution Scientific Research Institute SpetsVuzAvtomatika (NIISVA)
Category: Data Breach
Content: A threat actor claims to have breached the Russian state-owned Scientific Research Institute SpetsVuzAvtomatika (NIISVA), a cybersecurity and cryptography research institute serving Russian government customers. The actor alleges exfiltration of IP addresses, technical documents, and a Git repository, and is offering the data for sale via Tox. A sample has been shared via a Proton Drive link.
Date: 2026-05-29T21:11:20Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-LEAKED-FILES-FROM-RUSSIAN-RESEARCH-INSTITUTE–78286
Screenshots:
1 screenshot(s) available
Threat Actors: SVA2027
Victim Country: Russia
Victim Industry: Government
Victim Organization: Scientific Research Institute SpetsVuzAvtomatika (NIISVA)
Victim Site: niisva.dev
Alleged data leak of Luxembourg Football Federation
Category: Data Leak
Content: A threat actor claims to have breached the Luxembourg Football Federations servers and is freely distributing a database affecting over 45,000 players and officials. The leaked dataset reportedly includes license numbers, FIFA IDs, full names, birth dates, and validity dates. A download link to an external file-sharing service has been posted on the forum.
Date: 2026-05-29T21:09:08Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78301
Screenshots:
1 screenshot(s) available
Threat Actors: sql921
Victim Country: Luxembourg
Victim Industry: Sports
Victim Organization: Luxembourg Football Federation
Victim Site: Unknown
Alleged data leak of VK.COM user profiles
Category: Data Leak
Content: A threat actor is freely distributing a dataset of approximately 5,828 VKontakte user profiles, purportedly parsed by the poster. The dataset includes phone numbers, full names, dates of birth, origin locations, and profile URLs.
Date: 2026-05-29T21:06:57Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78304
Screenshots:
1 screenshot(s) available
Threat Actors: dmimin
Victim Country: Russia
Victim Industry: Technology
Victim Organization: VKontakte
Victim Site: vk.com
Sale of French database collection across multiple organizations and sectors
Category: Data Breach
Content: A threat actor is offering for sale a large collection of databases tied to French organizations spanning government agencies, telecom operators, sports federations, retail, employment services, healthcare, and online platforms. The collection includes entities such as France Travail, CAF, UNSS, SFR, Orange, Bouygues, and numerous others. Contact is provided via Telegram and Discord, suggesting an active sales operation.
Date: 2026-05-29T20:44:39Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78272
Screenshots:
3 screenshot(s) available
Threat Actors: Sythe
Victim Country: France
Victim Industry: Multiple
Victim Organization: Multiple French Organizations
Victim Site: Unknown
Alleged data breach of Mondial Tissus – 365,900 customer records exposed
Category: Data Breach
Content: Threat actors claiming affiliation with Shiny Hunters and LAPSUS announced a data breach of Mondial Tissus, a French fabric and haberdashery retailer. The breach allegedly compromises personal data of 365,900 unique customers spanning 2019-2026. A 5k sample was provided as proof. The actors are offering access to the stolen data and soliciting buyers through Telegram contacts.
Date: 2026-05-29T20:44:17Z
Network: telegram
Published URL: https://t.me/c/3500620464/8826
Screenshots:
1 screenshot(s) available
Threat Actors: Shiny Hunters
Victim Country: France
Victim Industry: Retail – Textiles/Fabrics
Victim Organization: Mondial Tissus
Victim Site: Unknown
Alleged data breach of US online food delivery platform exposing customer transaction records
Category: Data Breach
Content: A threat actor is offering a dataset purportedly containing 20 million US food delivery transaction records, with a sample of 2 million rows provided. The data includes customer names, phone numbers, delivery addresses, order details, pricing breakdowns, and delivery notes. The dataset appears to originate from an online food delivery platform and is being shared via an external link.
Date: 2026-05-29T20:36:02Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78071
Screenshots:
1 screenshot(s) available
Threat Actors: hhhhhaplus
Victim Country: United States
Victim Industry: Food & Beverage
Victim Organization: Unknown
Victim Site: biteblob.com
Sale of United States Oil & Gas Industry Database with 29K+ Records
Category: Data Breach
Content: A threat actor is selling a structured database of 29,000+ records targeting the United States oil and gas industry, containing company names, business addresses, executive names and titles, phone numbers, employee size, revenue details, and NAICS/SIC codes. The database is offered in Excel/CSV format and marketed for B2B lead generation and energy sector outreach. The origin of the data and whether it was obtained through unauthorized access has not been disclosed.
Date: 2026-05-29T20:34:02Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78124
Screenshots:
1 screenshot(s) available
Threat Actors: Edric
Victim Country: United States
Victim Industry: Energy
Victim Organization: Unknown
Victim Site: Unknown
Alleged Ticketmaster data breach – 980 million sales orders and 440 million email addresses
Category: Data Breach
Content: Threat actors claiming to have compromised Ticketmasters systems, offering for sale a dataset containing 980 million sales orders, 680 million order details, 1.2 billion party lookup records, 440 million unique email addresses, 4 million deduplicated records, 560 million AVS records, and 400 million encrypted credit card details with partial information. Asking price: $4000. Contact via @node6240.
Date: 2026-05-29T19:51:09Z
Network: telegram
Published URL: https://t.me/c/3500620464/8831
Screenshots:
3 screenshot(s) available
Threat Actors: Shinyhunters
Victim Country: Unknown
Victim Industry: Entertainment/Ticketing
Victim Organization: Ticketmaster
Victim Site: ticketmaster.com
Sale of STORM v2.6.0.2 Multifunctional Vulnerability Scanning Tool
Category: Malware
Content: A forum post advertises STORM v2.6.0.2, described as a multifunctional tool for vulnerability scanning, security testing, and network analysis. The post promotes purchase via Telegram and provides download links along with a VirusTotal report. The tool appears to be marketed as a cracking/offensive security utility.
Date: 2026-05-29T18:54:11Z
Network: openweb
Published URL: https://altenens.is/threads/storm-v2-6-0-2-released.2945987/unread
Screenshots:
2 screenshot(s) available
Threat Actors: sinisafl
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of fresh database dumps and compromised accounts across multiple platforms and countries
Category: Data Breach
Content: Threat actor offering sale of fresh database dumps containing compromised accounts from multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) and platforms including eBay, Offerup, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf. Seller claims to have private cloud access and valid webmail credentials. Also offering military and navy fullz (complete personal information packages).
Date: 2026-05-29T18:45:47Z
Network: telegram
Published URL: https://t.me/c/2613583520/92706
Screenshots:
1 screenshot(s) available
Threat Actors: Num
Victim Country: Multiple (United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy)
Victim Industry: Multiple (e-commerce, gaming, travel, financial services, military)
Victim Organization: Unknown
Victim Site: Unknown
Alleged breach of French Weapons Information System with 62,511 weapon records and owner data
Category: Data Breach
Content: Threat actors claim to have breached a centralized French Weapons Information System database containing information on 62,511 unique weapons (46% rifles, 29% shotguns, 11% pump-action shotguns, 8% handguns) with legal classifications and owner tracking data. The leaked data includes weapon specifications (type, make, model, frame number, RGA registration), transaction types, recipient identification (name, DOB, address, email, phone, SIA number), current and previous owner information, and pref…
Date: 2026-05-29T18:41:42Z
Network: telegram
Published URL: https://t.me/c/3500620464/8823
Screenshots:
1 screenshot(s) available
Threat Actors: Shiny
Victim Country: France
Victim Industry: Government/Law Enforcement
Victim Organization: French Weapons Information System
Victim Site: Unknown
Alleged data breach of Chinas National Super-computing Center (NSCC) – 10+ Petabytes of military and aerospace research
Category: Data Breach
Content: Threat actors claiming to have breached Chinas National Super-computing Center Research Facility and stolen 10+ Petabytes of sensitive research data. The leaked data reportedly includes research from top Chinese organizations including AVIC, COMAC, NUDT, NWPU, and HUST across fields such as Aerospace Engineering, Military Research, Bioinformatics, and Fusion Simulation. The actors are actively auctioning the full dataset to the highest bidder, with limited availability and higher pricing for exc…
Date: 2026-05-29T18:28:13Z
Network: telegram
Published URL: https://t.me/c/3500620464/8809
Screenshots:
1 screenshot(s) available
Threat Actors: Shinyhunters
Victim Country: China
Victim Industry: Government/Research/Defense
Victim Organization: Chinas National Super-computing Center (NSCC)
Victim Site: Unknown
ShinyHunters Offering Free VECT Ransomware Decryptor
Category: Malware
Content: ShinyHunters announced they are providing a free decryptor for VECT ransomware as a gift. The group claims VECT ransomware operators are unreliable and cannot decrypt files. Users need to provide the encryptor binary and an encrypted file sample to use the decryptor tool.
Date: 2026-05-29T18:24:19Z
Network: telegram
Published URL: https://t.me/c/3500620464/8804
Screenshots:
2 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Uzbekistan CCSSS (Cybersecurity Center State Security Service)
Category: Data Breach
Content: Threat actors claiming to have compromised Uzbekistans CCSSS (Cybersecurity Center State Security Service) and obtained approximately 5TB of database information and documents. The actors are advertising the stolen data and providing contact information for negotiations.
Date: 2026-05-29T18:24:01Z
Network: telegram
Published URL: https://t.me/c/3500620464/8803
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Uzbekistan
Victim Industry: Government/Cybersecurity
Victim Organization: CCSSS (Cybersecurity Center State Security Service)
Victim Site: Unknown
Alleged data breach of Serasa Experian – 223 million Brazilian citizens
Category: Data Breach
Content: Threat actor claims to have obtained full database dump from Serasa Experian containing personal information on 223 million Brazilian citizens including names, emails, phone numbers, addresses, dates of birth, CPF numbers, income data, and gender. Database reportedly 1.8TB in size (400GB compressed) in MSSQL backup format.
Date: 2026-05-29T18:23:46Z
Network: telegram
Published URL: https://t.me/c/3500620464/8808
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Brazil
Victim Industry: Credit reporting/Financial services
Victim Organization: Serasa Experian
Victim Site: Unknown
Alleged leak of 4,000 mixed passport scans and pictures
Category: Data Leak
Content: A threat actor is distributing a collection of approximately 4,000 passport scans and pictures described as mixed origin, shared via leaky.info. The post provides no further details about the source of the documents or the individuals affected.
Date: 2026-05-29T18:17:11Z
Network: openweb
Published URL: https://altenens.is/threads/4000-passport-scan-pictures-mixed.2945965/unread
Screenshots:
None
Threat Actors: toomuuch
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: leaky.info
Alleged data breach of Chrysler by Everest ransomware group
Category: Data Leak
Content: The Everest ransomware group allegedly exfiltrated approximately 1.06 TB of data from Chrysler, including over 1,752,162 customer records spanning 2021 to 2025. After Chrysler failed to meet ransom demands, the group reportedly released the data on January 4, 2026. The leaked data includes full names, email addresses, phone numbers, physical addresses, VINs, and order details across 62 CSV files.
Date: 2026-05-29T18:10:00Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Chrysler-chrysler-com-2025-12-25-1-06TB-Dumped-1-75M-Customers
Screenshots:
1 screenshot(s) available
Threat Actors: thelastwhitehat
Victim Country: United States
Victim Industry: Automotive
Victim Organization: Chrysler
Victim Site: chrysler.com
Alleged data breach of National Money Mart Company – 80,000+ files with PII and financial data
Category: Data Breach
Content: Threat actor claims to have breached National Money Mart Company and obtained over 80,000 files containing personal identification, contact information, identity documents, financial data, credit card accounts, financial transactions, purchase orders, client profiles, administrative codes, employment history, and interaction timestamps from customers and employees across USA and Canada. Data is being offered for sale at $2000.
Date: 2026-05-29T17:22:43Z
Network: telegram
Published URL: https://t.me/c/3500620464/8797
Screenshots:
1 screenshot(s) available
Threat Actors: Lapsus
Victim Country: United States, Canada
Victim Industry: Financial Services / Money Transfer
Victim Organization: National Money Mart Company
Victim Site: Unknown
Alleged phishing campaign by Ghost Stadium group targeting 2026 FIFA World Cup users
Category: Phishing
Content: The FBI has warned about a network of fake websites impersonating official FIFA pages for the 2026 World Cup. These fraudulent sites are designed to steal personal and financial information, sell counterfeit tickets, and conduct phishing attacks. Cybersecurity researchers have linked the infrastructure to the Ghost Stadium hacking group, which has previously engaged in cyberattacks and online fraud schemes.
Date: 2026-05-29T17:13:47Z
Network: telegram
Published URL: https://t.me/c/1283513914/21969
Screenshots:
2 screenshot(s) available
Threat Actors: Ghost Stadium
Victim Country: International
Victim Industry: Sports/Events
Victim Organization: FIFA / 2026 World Cup users
Victim Site: Unknown
Alleged data leak of Universitas Warmadewa Faculty of Economics lecturer database
Category: Data Leak
Content: A threat actor known as JAX7 has leaked an alleged database containing lecturer records from the Faculty of Economics at Universitas Warmadewa, an Indonesian university. The post includes a sample of the data. The full scope of the leak and number of records affected are not specified in the post.
Date: 2026-05-29T17:00:11Z
Network: openweb
Published URL: https://breached.su/threads/leak-database-dosen-fakultas-ekonomi-universitas-warmadewa.87716/unread
Screenshots:
3 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas Warmadewa
Victim Site: warmadewa.ac.id
Alleged distribution of compromised credentials for Indonesian government and commercial websites by BROTHEROOD CAPUNG INDONESIA
Category: Initial Access
Content: Threat actor BROTHEROOD CAPUNG INDONESIA has distributed a list of compromised credentials for multiple targets including Indonesian government agencies (PTUN Manado, BLK Sidoarjo Ministry of Labor), commercial websites (German Tourism Board, Reels&Feel, Portativ.tv, NavMaha), and an IP-based service. Each entry contains username, password, and associated email address. All credentials share the same password pattern xplpass, suggesting either mass compromise or credential stuffing attacks.
Date: 2026-05-29T16:50:45Z
Network: telegram
Published URL: https://t.me/brotheroodbci/493
Screenshots:
1 screenshot(s) available
Threat Actors: BROTHEROOD CAPUNG INDONESIA
Victim Country: Indonesia
Victim Industry: Government, Tourism, Media, Labor
Victim Organization: Multiple (PTUN Manado, BLK Sidoarjo, German Tourism Board, Reels&Feel, Portativ.tv, NavMaha)
Victim Site: ptun-manado.go.id, blksidoarjo.kemnaker.go.id, germantourismboard.com, reelsefeel.com, portativ.tv, navmaha.com
Alleged data breach of Universitas Warmadewa Faculty of Economics database
Category: Data Breach
Content: A user identified as JAX7 on Breachforums has posted a thread announcing the leak of a database containing information from the Faculty of Economics (Dosen/Lecturers) at Universitas Warmadewa. The leak has been made publicly available on Breachforums.
Date: 2026-05-29T16:50:36Z
Network: telegram
Published URL: https://t.me/byjax7/1047
Screenshots:
2 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas Warmadewa
Victim Site: warmadewa.ac.id
Alleged data breach of Sistema Integral de Atencion Ciudadana (Oaxaca, Mexico)
Category: Data Leak
Content: A threat actor identifying as Z3usOlymp claims to have compromised a system belonging to Sistema Integral de Atencion Ciudadana, a citizen services platform in Oaxaca, Mexico. The actor states approximately 3,000 records were obtained, each containing 3–4 personal data fields relating to citizens and government personnel. The data was made available freely, with the actor directing followers to a Telegram channel for additional attack disclosures.
Date: 2026-05-29T16:26:23Z
Network: openweb
Published URL: https://breached.su/threads/mx-mexico-hacked-system-of-sistema-integral-de-atencion-ciudadana.87715/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Z3usOlymp
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Sistema Integral de Atencion Ciudadana
Victim Site: Unknown
Mass Defacement of deltapresisi.com by Threat Actor Zod
Category: Defacement
Content: On May 29, 2026, threat actor Zod conducted a mass defacement campaign targeting deltapresisi.com, a precision engineering company based in Indonesia. The defacement was recorded at the URL https://deltapresisi.com/zod.html and archived via haxor.id. This incident is part of a broader mass defacement operation attributed to the Zod threat actor.
Date: 2026-05-29T16:25:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249684
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Indonesia
Victim Industry: Manufacturing / Precision Engineering
Victim Organization: Delta Presisi
Victim Site: deltapresisi.com
Mass Defacement of PRI Packaging by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting pri-packaging.com, a packaging industry website. The defaced page was hosted at a non-root URL, indicating a targeted file-level compromise rather than a full homepage takeover. This incident is part of a broader mass defacement operation attributed to the Zod actor.
Date: 2026-05-29T16:24:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249696
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Manufacturing / Packaging
Victim Organization: PRI Packaging
Victim Site: pri-packaging.com
Mass Defacement of Indonesian Packaging Company by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting inovasikemasan.com, a packaging company based in Indonesia, on May 29, 2026. The defacement was part of a broader mass defacement operation, with the malicious page hosted at the /zod.html path. A mirror of the defaced page is archived at haxor.id.
Date: 2026-05-29T16:23:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249688
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Indonesia
Victim Industry: Manufacturing / Packaging
Victim Organization: Inovasi Kemasan
Victim Site: inovasikemasan.com
Mass defacement of maesindo.com by threat actor Zod
Category: Defacement
Content: On May 29, 2026, threat actor Zod conducted a mass defacement campaign targeting maesindo.com, defacing the page at /zod.html. The attack is classified as a mass defacement operation, suggesting multiple sites were targeted simultaneously. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-05-29T16:23:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249689
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Maesindo
Victim Site: maesindo.com
Mass Defacement of Brazilian Transportation Company by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting actransmg.com.br, a Brazilian transportation company, on May 29, 2026. The attacker successfully defaced the target website running on a Linux server, uploading a defacement page at the /zod.html path. This incident is part of a broader mass defacement operation attributed to the same actor.
Date: 2026-05-29T16:22:47Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249681
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Brazil
Victim Industry: Transportation & Logistics
Victim Organization: AC Trans MG
Victim Site: actransmg.com.br
Mass Website Defacement of adarbopack.com by Threat Actor Zod
Category: Defacement
Content: On May 29, 2026, threat actor Zod operating under the team name Zod conducted a mass defacement attack targeting adarbopack.com, replacing the page at /zod.html with unauthorized content. The attack was classified as a mass defacement, suggesting multiple sites were compromised as part of the same campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-29T16:22:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249683
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Adarbopack
Victim Site: adarbopack.com
Mass Defacement of PRI Packaging Website by Threat Actor Zod
Category: Defacement
Content: On May 29, 2026, threat actor Zod conducted a mass defacement campaign targeting demo.pri-packaging.com, a subdomain associated with PRI Packaging. The attacker uploaded a defacement page (zod.html) as part of a broader mass defacement operation. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-29T16:21:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249685
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Manufacturing / Packaging
Victim Organization: PRI Packaging
Victim Site: demo.pri-packaging.com
Mass Website Defacement of Proteksimax by Threat Actor Zod
Category: Defacement
Content: On May 29, 2026, threat actor Zod conducted a mass defacement attack targeting proteksimax.com, a security services-related website. The defacement was recorded at the URL https://proteksimax.com/zod.html and is part of a broader mass defacement campaign attributed to the same actor. The incident was archived and mirrored at haxor.id, confirming the attacks occurrence.
Date: 2026-05-29T16:20:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249697
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Indonesia
Victim Industry: Security Services
Victim Organization: Proteksimax
Victim Site: proteksimax.com
Mass defacement of grade.co.id by threat actor Zod
Category: Defacement
Content: On May 29, 2026, a threat actor known as Zod conducted a mass defacement campaign targeting grade.co.id, a website hosted in Indonesia. The defacement was recorded at the URL https://grade.co.id/zod.html and archived via haxor.id. This incident is part of a broader mass defacement operation attributed to the Zod team.
Date: 2026-05-29T16:20:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249686
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Grade
Victim Site: grade.co.id
Mass Website Defacement of MMG Nonwoven by Threat Actor Zod
Category: Defacement
Content: On May 29, 2026, threat actor Zod conducted a mass defacement attack targeting mmgnonwoven.com, a nonwoven materials manufacturing company. The defacement was deployed at a specific URL path rather than the homepage, suggesting targeted file placement. This incident is classified as a mass defacement, indicating the attacker likely compromised multiple websites as part of a coordinated campaign.
Date: 2026-05-29T16:19:41Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249693
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Manufacturing / Textiles
Victim Organization: MMG Nonwoven
Victim Site: mmgnonwoven.com
Mass defacement of Grade Indonesia by threat actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting products.grade.co.id, a subdomain of the Indonesian organization Grade. The defacement was recorded on May 29, 2026, and is classified as a mass defacement event, suggesting multiple targets were compromised as part of the same operation. A mirror of the defaced page has been archived at haxor.id.
Date: 2026-05-29T16:19:10Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249695
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Grade
Victim Site: products.grade.co.id
Mass Defacement of UAB Logistic by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting uablogistic.com, a logistics-related website likely associated with Ukrainian operations. The defacement was recorded on May 29, 2026, with the attacker placing a defacement page at the path /zod.html. This incident is part of a broader mass defacement operation carried out by the same actor.
Date: 2026-05-29T16:18:45Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249698
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Ukraine
Victim Industry: Logistics and Transportation
Victim Organization: UAB Logistic
Victim Site: uablogistic.com
Alleged cyber attack on space agency telescope monitoring systems by Infrastructure Destruction Squad
Category: Cyber Attack
Content: Infrastructure Destruction Squad claims to have hacked into a space agencys telescope monitoring systems. Details are limited to the stated claim with an attached photo.
Date: 2026-05-29T16:18:36Z
Network: telegram
Published URL: https://t.me/c/2735908986/4529
Screenshots:
2 screenshot(s) available
Threat Actors: Infrastructure Destruction Squad
Victim Country: Unknown
Victim Industry: Aerospace/Space
Victim Organization: Space agency (unspecified)
Victim Site: Unknown
Website Defacement of Maesindo by Threat Actor Zod
Category: Defacement
Content: A threat actor operating under the alias Zod defaced a subdomain of maesindo.com on May 29, 2026, targeting the URL adarbo.maesindo.com/zod.html. The incident was a targeted single-site defacement with no mass or home page compromise reported. The attackers motivation remains unknown as no specific reason was provided.
Date: 2026-05-29T16:18:00Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249682
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Maesindo
Victim Site: adarbo.maesindo.com
Mass Defacement of Maesindo Protection by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement attack targeting protection.maesindo.com, uploading a defacement page at /zod.html on May 29, 2026. The incident is classified as a mass defacement campaign, suggesting multiple sites were targeted simultaneously. No specific motive or vulnerability details were disclosed alongside the attack.
Date: 2026-05-29T16:17:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249694
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Indonesia
Victim Industry: Security Services / Protection
Victim Organization: Maesindo Protection
Victim Site: protection.maesindo.com
Mass Defacement of oscardo.co.id by Threat Actor Zod
Category: Defacement
Content: On May 29, 2026, threat actor Zod conducted a mass defacement campaign targeting oscardo.co.id, an Indonesian website. The defaced page was uploaded at the path /zod.html, and a mirror of the defacement was archived at haxor.id. This incident is part of a broader mass defacement operation attributed to the actor Zod.
Date: 2026-05-29T16:16:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249692
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Oscardo
Victim Site: oscardo.co.id
Mass Defacement of maestroberjaya.com by Threat Actor Zod
Category: Defacement
Content: On May 29, 2026, threat actor Zod operating under team Zod conducted a mass defacement attack targeting maestroberjaya.com, deploying a defacement page at the path /zod.html. The attack was part of a broader mass defacement campaign and has been archived via haxor.id. No specific motivation or technical exploitation details were disclosed.
Date: 2026-05-29T16:16:26Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249690
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: Maestro Berjaya
Victim Site: maestroberjaya.com
Website Defacement of Biolumina Terapias by Attacker Zod
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the handle Zod defaced a specific page on bioluminaterapias.com, a website associated with bioluminescence or light-based therapy services. The attack was a targeted single-page defacement hosted on a Linux-based server, and is not classified as a mass or home page defacement. The defaced content was archived and mirrored via haxor.id.
Date: 2026-05-29T16:15:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249680
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Health & Wellness / Alternative Therapy
Victim Organization: Biolumina Terapias
Victim Site: bioluminaterapias.com
Mass Defacement of Packaging Industry Website by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting packagingme.com, a packaging industry website, on May 29, 2026. The defaced page was published at the path /zod.html, consistent with a mass defacement operation rather than a targeted single-site attack. The incident has been archived and mirrored via haxor.id, indicating public claim of responsibility.
Date: 2026-05-29T16:15:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249691
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Manufacturing / Packaging
Victim Organization: Packaging ME
Victim Site: packagingme.com
Mass Defacement of Hong Kong Commercial Site by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting greatfame.com.hk, a Hong Kong-based commercial website. The defaced page was hosted at the /zod.html path, consistent with the attackers naming convention. This incident is part of a broader mass defacement operation attributed to the Zod team, with a mirror archived on haxor.id.
Date: 2026-05-29T16:14:57Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249687
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Hong Kong
Victim Industry: Commercial/Business
Victim Organization: Great Fame
Victim Site: greatfame.com.hk
Alleged sale of compromised TikTok and SHEIN accounts with documentation
Category: Initial Access
Content: Threat actor offering to sell compromised TikTok US personal accounts, TikTok store accounts with violation appeals passed, and SHEIN self-operated LLC accounts across multiple categories. Prices range from 300-800 USDT. Also offering bulk TikTok accounts with 500k followers at 350 USDT. Contact via Telegram handle provided.
Date: 2026-05-29T16:04:36Z
Network: telegram
Published URL: https://t.me/c/2613583520/92564
Screenshots:
1 screenshot(s) available
Threat Actors: 小新：专业待發引琉
Victim Country: United States
Victim Industry: Social Media, E-commerce
Victim Organization: TikTok, SHEIN
Victim Site: tiktok.com, shein.com
Sale of Spanish personal data lines for spam and scam campaigns
Category: Data Leak
Content: A threat actor is selling approximately 2 million lines of personal data purportedly belonging to individuals in Spain, advertised for use in spam and scam campaigns via email or phone number. The data is priced at $6,000 for the full dataset, with a minimum purchase of 166,000 lines for $500, payable in cryptocurrency. The source or origin of the dataset is not disclosed.
Date: 2026-05-29T15:57:41Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-SPAIN-FRESH-LINES-FOR-YOUR-CAMPAIGN
Screenshots:
1 screenshot(s) available
Threat Actors: nilojeda
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of fraudulent Tether (USDT) software enabling fake transactions
Category: Malware
Content: Threat actor advertising Black Tether fraud software claiming to enable balance display, fund transfers, and transaction verification on TRC20 & BEP20 networks. Software has 120-day maximum usage period. Seller warns of impersonators and provides Telegram contact (@cfttether) and group link. This is a cryptocurrency fraud scheme targeting users seeking to create fake Tether transactions.
Date: 2026-05-29T15:46:44Z
Network: telegram
Published URL: https://t.me/c/2613583520/92554
Screenshots:
2 screenshot(s) available
Threat Actors: cfttether
Victim Country: Unknown
Victim Industry: cryptocurrency
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of BeotelNet (Telekom Serbia)
Category: Data Breach
Content: A threat actor claims to have breached BeotelNet, a Serbian telecommunications provider, and extracted over 150,000 customer records spanning 2020–2026. Exposed data reportedly includes full names, JMBG national identification numbers, addresses, phone numbers, and email addresses. The actor is demanding payment for permanent deletion of the data, threatening to publish the full database on June 1, 2026 if no agreement is reached.
Date: 2026-05-29T14:48:55Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-BeotelNet-Telekom-Serbia-Customer-Database-Sample
Screenshots:
1 screenshot(s) available
Threat Actors: QilinZeus
Victim Country: Serbia
Victim Industry: Telecommunications
Victim Organization: BeotelNet
Victim Site: beotel.net
Website Defacement of nazmulsany.com by Sanrei of Cowok Tersakiti Team
Category: Defacement
Content: On May 29, 2026, a threat actor known as Sanrei, operating under the Cowok Tersakiti Team, defaced a specific page on nazmulsany.com. The attack targeted a subpage (kuro.html) rather than the homepage, indicating a targeted page-level defacement. No specific motivation or technical details were disclosed in the available incident data.
Date: 2026-05-29T14:33:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929809
Screenshots:
1 screenshot(s) available
Threat Actors: Sanrei, Cowok Tersakiti Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Nazmul Sany
Victim Site: nazmulsany.com
Website Defacement of Salon Ruby by Sanrei (Cowok Tersakiti Team)
Category: Defacement
Content: On May 29, 2026, a threat actor known as Sanrei, operating under the group Cowok Tersakiti Team, defaced the homepage of Salon Ruby, a beauty salon based in Sri Lanka. The attack was a targeted single-site defacement, replacing the home page content with the attackers messaging. No specific motive or reason was disclosed for the attack.
Date: 2026-05-29T14:31:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929810
Screenshots:
1 screenshot(s) available
Threat Actors: Sanrei, Cowok Tersakiti Team
Victim Country: Sri Lanka
Victim Industry: Beauty & Personal Care
Victim Organization: Salon Ruby
Victim Site: salonruby.lk
Website Defacement of GMG Racing by Sanrei of Cowok Tersakiti Team
Category: Defacement
Content: On May 29, 2026, the threat actor Sanrei, operating under the Cowok Tersakiti Team, defaced a page on gmgracing.com, a motorsports-related website. The attack targeted a specific subpage (kuro.html) rather than the homepage, indicating a targeted page-level defacement. The incident was catalogued and mirrored by zone-xsec.com with mirror ID 929808.
Date: 2026-05-29T14:29:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929808
Screenshots:
1 screenshot(s) available
Threat Actors: Sanrei, Cowok Tersakiti Team
Victim Country: Unknown
Victim Industry: Automotive / Motorsports
Victim Organization: GMG Racing
Victim Site: gmgracing.com
Website Defacement of YGL by Attacker DimasHxR
Category: Defacement
Content: On May 29, 2026, an attacker operating under the alias DimasHxR defaced a page on the Israeli website ygl.co.il, targeting a media or customer-related directory. The attack was a single targeted defacement with no team affiliation reported, and no specific motivation or technical details were disclosed.
Date: 2026-05-29T14:23:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929807
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: YGL
Victim Site: www.ygl.co.il
Website Defacement of Zivdah Online Grocery by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced a page on the online grocery platform Zivdah Online Grocery. The attack was a targeted single-page defacement, not a mass or home page defacement. No specific motive, server details, or proof-of-concept were disclosed in the available intelligence.
Date: 2026-05-29T14:21:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929805
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / E-Commerce (Online Grocery)
Victim Organization: Zivdah Online Grocery
Victim Site: www.zivdahonlinegrocery.com
Alleged sale of compromised TikTok and SHEIN business accounts
Category: Initial Access
Content: Threat actor offering to sell compromised or fraudulently obtained TikTok US personal accounts, TikTok US store accounts with violation appeal status, and SHEIN self-operated LLC accounts across multiple regions. Pricing ranges from 100-800 USDT. Seller claims bulk acquisition capabilities and offers escrow services.
Date: 2026-05-29T14:15:57Z
Network: telegram
Published URL: https://t.me/c/2613583520/92484
Screenshots:
1 screenshot(s) available
Threat Actors: pipl1on33uku
Victim Country: United States
Victim Industry: Technology/E-commerce
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Hoogenboezem by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor known as DimasHxR defaced a subdirectory of the Dutch website hoogenboezem.nl. The attack targeted a media/customer path on the domain and does not appear to be part of a mass or coordinated defacement campaign. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-29T14:15:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929788
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: Hoogenboezem
Victim Site: www.hoogenboezem.nl
Alleged data breach of 11467.com exposing Chinese business contacts and verified accounts
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from 11467.com, a Chinese business directory platform, priced at $900. The dataset is claimed to contain approximately 512,000 records spanning three sections: Contacts (including names, phone numbers, emails, and passwords), Service Requests, and Verified Accounts (including password hashes, security question answers, and account balances). Sample download links were provided via Gofile.
Date: 2026-05-29T14:15:17Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78279
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: China
Victim Industry: Business Services
Victim Organization: 11467.com
Victim Site: 11467.com
Website Defacement of Gotron by DimasHxR
Category: Defacement
Content: On May 29, 2026, the Belgian electronics retailer Gotron had a media subdirectory of its website defaced by a threat actor operating under the alias DimasHxR. The defacement targeted a non-homepage URL, indicating a targeted attack on a specific web-accessible directory rather than the main site. No team affiliation, stated motive, or technical details about the server infrastructure were disclosed.
Date: 2026-05-29T14:14:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929794
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Belgium
Victim Industry: Retail / Electronics
Victim Organization: Gotron
Victim Site: www.gotron.be
Website Defacement of CRM Paladina by DimasHxR
Category: Defacement
Content: On May 29, 2026, the Italian CRM services website crmpaladina.it was defaced by threat actor DimasHxR. The attack targeted a subdirectory of the site rather than the homepage and was carried out as a single targeted defacement. No team affiliation, specific motive, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-29T14:13:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929787
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Business Services / CRM
Victim Organization: CRM Paladina
Victim Site: www.crmpaladina.it
Website Defacement of RiRi Hair by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced a page on www.ririhair.com, a website associated with a hair products retailer. The defacement targeted a specific media/custom path rather than the homepage and was carried out as an individual, non-mass defacement. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-05-29T14:13:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929804
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Beauty & Hair Products
Victim Organization: RiRi Hair
Victim Site: www.ririhair.com
Website Defacement of WhatsCommerce by DimasHxR
Category: Defacement
Content: On May 29, 2026, the attacker known as DimasHxR defaced a page on whatscommerce.com.br, a Brazilian e-commerce platform. The incident was a targeted single-page defacement rather than a mass or home page attack. No team affiliation, specific motive, or technical details regarding the server were disclosed.
Date: 2026-05-29T14:12:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929798
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: E-Commerce / Technology
Victim Organization: WhatsCommerce
Victim Site: whatscommerce.com.br
Website Defacement of Pools Spas Online by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced a page on poolspasonline.com, a retail website specializing in swimming pools and spa products. The incident was a targeted single-site defacement with no team affiliation reported. The attack was neither a mass defacement nor a redefacement, suggesting an opportunistic intrusion against the sites media directory.
Date: 2026-05-29T14:11:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929803
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Retail / E-commerce (Swimming Pools & Spas)
Victim Organization: Pools Spas Online
Victim Site: www.poolspasonline.com
Website Defacement of Ingrosmart by DimasHxR
Category: Defacement
Content: On May 29, 2026, threat actor DimasHxR defaced a web page hosted on the Italian website ingrosmart.it, targeting a file within the public media directory. The attack was a single targeted defacement with no team affiliation reported. No specific motive or technical details were disclosed.
Date: 2026-05-29T14:10:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929793
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Retail/Wholesale
Victim Organization: Ingrosmart
Victim Site: www.ingrosmart.it
Website Defacement of Pure Motorsport by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced the website of Pure Motorsport, a UK-based motorsport organization. The attacker targeted a subdirectory of the domain in a single, non-mass defacement. No specific motive or team affiliation was disclosed in connection with the incident.
Date: 2026-05-29T14:09:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929802
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Automotive / Motorsport
Victim Organization: Pure Motorsport
Victim Site: www.pure-motorsport.co.uk
Website Defacement of Lift Components UK by DimasHxR
Category: Defacement
Content: On May 29, 2026, threat actor DimasHxR defaced a media directory page on liftcomponents.co.uk, a UK-based supplier of lift and elevator components. The attack was a targeted single-site defacement with no team affiliation reported. Technical details regarding the server environment and exploitation method were not disclosed.
Date: 2026-05-29T14:08:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929791
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Manufacturing / Industrial Components
Victim Organization: Lift Components
Victim Site: www.liftcomponents.co.uk
Website Defacement of MetroStore (Greece) by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced a media/custom directory page on the Greek retail website MetroStore (www.metrostore.gr). The incident was a targeted, single-site defacement with no team affiliation reported. No specific motivation or server details were disclosed.
Date: 2026-05-29T14:07:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929801
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Greece
Victim Industry: Retail / E-Commerce
Victim Organization: MetroStore
Victim Site: www.metrostore.gr
Website Defacement of Isacco by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor known as DimasHxR defaced a page on the Italian website isacco.it, targeting a file within the public media directory. The defacement was a targeted single-site attack with no team affiliation reported. No specific motivation or technical details regarding the server environment were disclosed.
Date: 2026-05-29T14:06:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929790
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Retail / E-Commerce
Victim Organization: Isacco
Victim Site: www.isacco.it
Website Defacement of lebloom.london by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced a media/custom directory on the website lebloom.london, a UK-based organization. The attack was a targeted single-site defacement with no team affiliation reported. No specific motivation or server details were disclosed in connection with the incident.
Date: 2026-05-29T14:06:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929795
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail / E-commerce
Victim Organization: Le Bloom London
Victim Site: www.lebloom.london
Website Defacement of Lab Grown Fashion by DimasHxR
Category: Defacement
Content: On May 29, 2026, the website labgrownfashion.com was defaced by a threat actor operating under the handle DimasHxR. The defacement targeted a media directory path and was a standalone, non-mass incident with no team affiliation reported. Technical details such as server software and IP address were not disclosed in the available incident data.
Date: 2026-05-29T14:05:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929789
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Fashion
Victim Organization: Lab Grown Fashion
Victim Site: labgrownfashion.com
Website Defacement of Mangalmay Vastu by DimasHxR
Category: Defacement
Content: On May 29, 2026, the attacker known as DimasHxR defaced a subdirectory of mangalmayvastu.com, a website associated with Vastu Shastra consulting services likely based in India. The defacement was a targeted, non-mass intrusion affecting a specific media or custom path rather than the homepage. No team affiliation, stated motive, or server details were disclosed in association with this incident.
Date: 2026-05-29T13:59:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929766
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: India
Victim Industry: Consulting / Vastu Shastra Services
Victim Organization: Mangalmay Vastu
Victim Site: mangalmayvastu.com
Website Defacement of Motor-Corner.de by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced a subdirectory of the German automotive website motor-corner.de. The defacement targeted a media/customer-related path and was carried out as a single, non-mass incident with no stated motive. No team affiliation was claimed by the attacker.
Date: 2026-05-29T13:58:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929782
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Automotive / E-Commerce
Victim Organization: Motor Corner
Victim Site: www.motor-corner.de
Website Defacement of OpenBoxFinder by DimasHxR
Category: Defacement
Content: On May 29, 2026, the website openboxfinder.com was defaced by the threat actor DimasHxR acting independently without a team affiliation. The attacker targeted a media/custom directory path on the site, suggesting a partial or subdirectory defacement rather than a full homepage takeover. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-05-29T13:57:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929770
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / E-Commerce
Victim Organization: OpenBoxFinder
Victim Site: openboxfinder.com
Website Defacement of Guinot Hungary by DimasHxR
Category: Defacement
Content: On May 29, 2026, threat actor DimasHxR defaced a page on guinot.hu, the Hungarian website of the Guinot beauty and cosmetics brand. The attack targeted a media/customer address path and was a singular, non-mass defacement with no affiliated team. The attackers motive and server details remain unknown.
Date: 2026-05-29T13:56:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929758
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Hungary
Victim Industry: Beauty and Cosmetics
Victim Organization: Guinot Hungary
Victim Site: guinot.hu
Website Defacement of KhaleejiGamer by DimasHxR
Category: Defacement
Content: On May 29, 2026, the gaming and entertainment website khaleejigamer.com was defaced by the threat actor DimasHxR acting independently without a team affiliation. The attack targeted a specific media path rather than the homepage and was a singular, non-mass defacement incident. Technical details regarding the server infrastructure and attacker motivation were not disclosed.
Date: 2026-05-29T13:55:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929762
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Gaming / Entertainment
Victim Organization: KhaleejiGamer
Victim Site: khaleejigamer.com
Website Defacement of Gran Arthurium by DimasHxR
Category: Defacement
Content: On May 29, 2026, the Brazilian website granarthurium.com.br was defaced by the threat actor DimasHxR operating without an affiliated team. The attacker targeted a publicly accessible media directory path, a common vector for web shell uploads or content injection. The incident was a single targeted defacement with no indication of mass or repeated defacement activity.
Date: 2026-05-29T13:55:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929756
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Retail / E-commerce
Victim Organization: Gran Arthurium
Victim Site: granarthurium.com.br
Website Defacement of The Lighthouse XL by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the handle DimasHxR defaced a subdirectory of thelighthousexl.nl, a Netherlands-based website. The attack was a targeted single-site defacement with no team affiliation reported. Technical details regarding the server environment and attack vector remain unknown.
Date: 2026-05-29T13:54:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929777
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: The Lighthouse XL
Victim Site: thelighthousexl.nl
Website Defacement of Sharp Distribution by DimasHxR
Category: Defacement
Content: On May 29, 2026, threat actor DimasHxR defaced a page on sharpdist.com, targeting a subdirectory within the sites public media folder. The attacker operated independently without an affiliated team. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-29T13:53:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929773
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Distribution / Wholesale
Victim Organization: Sharp Distribution
Victim Site: sharpdist.com
Website Defacement of Waldrugmart Health by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced a media directory page on the healthcare/pharmacy website waldrugmart.health. The attack was a targeted single-page defacement, not a mass or home page defacement. No specific motive, team affiliation, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-29T13:52:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929785
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Healthcare / Pharmacy
Victim Organization: Waldrugmart
Victim Site: www.waldrugmart.health
Website Defacement of LED Strip Direct by DimasHxR
Category: Defacement
Content: On May 29, 2026, threat actor DimasHxR defaced a media directory page on the UK-based LED lighting retailer LED Strip Directs website. The attack appears to be a targeted single-site defacement with no team affiliation reported. No specific motivation or vulnerability details were disclosed.
Date: 2026-05-29T13:52:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929781
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail / E-Commerce (Lighting Products)
Victim Organization: LED Strip Direct
Victim Site: www.ledstripdirect.co.uk
Website Defacement of Decorative Ponds UK by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced the website of Decorative Ponds, a UK-based decorative pond and aquatic products retailer. The attack targeted a subdirectory of the domain and was conducted as a single, targeted defacement rather than a mass or home page defacement. No team affiliation, specific motive, or technical details about the server environment were disclosed.
Date: 2026-05-29T13:51:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929780
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail / E-Commerce (Aquatic/Garden Products)
Victim Organization: Decorative Ponds
Victim Site: www.decorativeponds.co.uk
Website Defacement of Naxzant Group by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor known as DimasHxR defaced a web page hosted on naxzantgroup.cloud, targeting the media/customer directory of the Naxzant Groups website. The attacker operated independently without affiliation to a known team. No specific motive, server details, or proof-of-concept were disclosed in connection with this incident.
Date: 2026-05-29T13:50:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929768
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Naxzant Group
Victim Site: naxzantgroup.cloud
Website Defacement of MyDecor Kenya by DimasHxR
Category: Defacement
Content: On May 29, 2026, threat actor DimasHxR defaced the Kenyan home decor website mydecor.co.ke, targeting a media/custom directory path. The attack was a single targeted defacement with no team affiliation reported and no stated motive. The incident was documented with a mirror archived at zone-xsec.com.
Date: 2026-05-29T13:49:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929767
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Kenya
Victim Industry: Retail / Home Decor
Victim Organization: MyDecor
Victim Site: mydecor.co.ke
Sale of Heartsender V5 bulk email sending tool
Category: Phishing
Content: A threat actor is selling Heartsender V5, a bulk email sending tool with features indicative of phishing and spam campaigns, including inbox letter encryption, spam word detection, SMTP/API support, proxy rotation, and multiple URL link rotation. The tool supports multi-threaded sending, ZIP attachments, and SMTP-to-SMS functionality. The seller advertises via Telegram under the handle office_365shop.
Date: 2026-05-29T13:49:18Z
Network: openweb
Published URL: https://crackingx.com/threads/77085/
Screenshots:
2 screenshot(s) available
Threat Actors: office_365shop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Kronkart by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced a media/customer directory page on kronkart.com, an e-commerce platform. The attack was a targeted single-page defacement, not classified as a mass or home page defacement. No specific motive, team affiliation, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-29T13:48:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929764
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-Commerce / Retail
Victim Organization: Kronkart
Victim Site: kronkart.com
Sale of cryptocurrency seed phrase and private key checker/generator tool
Category: Malware
Content: A forum user is distributing a cryptocurrency seed phrase and private key checker and generator tool supporting 40+ coins. The tool reportedly operates without a proxy and offers decent verification speed. It is being shared via Mediafire and Mega file hosting services.
Date: 2026-05-29T13:48:52Z
Network: openweb
Published URL: https://crackingx.com/threads/77090/
Screenshots:
1 screenshot(s) available
Threat Actors: Zxhuwu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Babicoco by DimasHxR
Category: Defacement
Content: On May 29, 2026, threat actor DimasHxR defaced a page on the e-commerce website babicoco.com, targeting a file within the public media directory. The defacement was a single targeted page compromise rather than a mass or home page defacement. No team affiliation, stated motive, or technical details regarding the server environment were disclosed.
Date: 2026-05-29T13:48:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929779
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: Babicoco
Victim Site: www.babicoco.com
Website Defacement of Softprodigy by DimasHxR
Category: Defacement
Content: On May 29, 2026, the Indian IT company Softprodigy had its website defaced by the threat actor DimasHxR. The defacement targeted a media/customer directory path within the web server, suggesting exploitation of a publicly accessible upload or media management endpoint. The incident was a singular, targeted defacement with no mass or home page compromise reported.
Date: 2026-05-29T13:47:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929775
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: India
Victim Industry: Information Technology
Victim Organization: Softprodigy
Victim Site: softprodigy.in
Website Defacement of High Street Books by DimasHxR
Category: Defacement
Content: On May 29, 2026, threat actor DimasHxR defaced the website of High Street Books, an Irish online bookseller. The defacement targeted a subdirectory of the site rather than the homepage and was conducted as a single targeted attack with no team affiliation reported. No specific motive or server details were disclosed in connection with the incident.
Date: 2026-05-29T13:46:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929759
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Ireland
Victim Industry: Retail – Books & Publishing
Victim Organization: High Street Books
Victim Site: highstreetbooks.ie
Website Defacement of Pain-Relief.com.hk by DimasHxR
Category: Defacement
Content: On May 29, 2026, the website pain-relief.com.hk, a Hong Kong-based pain relief or healthcare-related website, was defaced by the threat actor DimasHxR acting independently without a team affiliation. The defacement targeted a subdirectory within the sites public media folder, suggesting possible exploitation of a content management system vulnerability. No specific motivation or proof-of-concept details were disclosed.
Date: 2026-05-29T13:45:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929771
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Hong Kong
Victim Industry: Healthcare / Medical
Victim Organization: Pain Relief Hong Kong
Victim Site: pain-relief.com.hk
Website Defacement of neilmageplaza.site by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the handle DimasHxR defaced a subdirectory of neilmageplaza.site, targeting the media/custom path. The attacker acted independently without an affiliated team, and the incident was classified as a single targeted defacement rather than a mass or repeat attack. Technical details regarding the server environment and attack vector were not disclosed.
Date: 2026-05-29T13:44:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929769
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Neil Mage Plaza
Victim Site: neilmageplaza.site
Website Defacement of vgosnova.com by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced a specific media/customer directory page on vgosnova.com. The attack was carried out as a targeted single-site defacement with no team affiliation reported. Technical details such as the server software, IP address, and attack vector were not disclosed.
Date: 2026-05-29T13:43:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929778
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Vgosnova
Victim Site: vgosnova.com
Website Defacement of LadyDeal Vietnam by DimasHxR
Category: Defacement
Content: On May 29, 2026, the Vietnamese e-commerce website LadyDeal (ladydeal.vn) was defaced by the threat actor DimasHxR. The attacker targeted a media/customer directory path rather than the homepage, indicating a targeted subdirectory defacement. The incident was carried out as a solo operation with no affiliated team claimed.
Date: 2026-05-29T13:43:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929765
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Vietnam
Victim Industry: E-Commerce / Retail
Victim Organization: LadyDeal
Victim Site: ladydeal.vn
Website Defacement of Parts Mondial by DimasHxR
Category: Defacement
Content: On May 29, 2026, the threat actor DimasHxR defaced a media/customer directory on the Parts Mondial website (www.partsmondial.com). The incident was a targeted single-site defacement, not part of a mass or repeated campaign. No specific motive or technical exploitation details were disclosed.
Date: 2026-05-29T13:42:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929783
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Automotive Parts / E-Commerce
Victim Organization: Parts Mondial
Victim Site: www.partsmondial.com
Alleged data breach of Sankuai (sankuai.com)
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from sankuai.com, a Chinese platform, comprising approximately 763,000 records. The data is structured across three sections — Contacts, Order History, and Support Tickets — and includes personally identifiable information such as full names, email addresses, phone numbers, password hashes, order details, and support ticket content. Sample download links are provided via gofile.io.
Date: 2026-05-29T13:42:11Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78278
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: China
Victim Industry: Retail
Victim Organization: Sankuai
Victim Site: sankuai.com
Website Defacement of johanregelink.nl by DimasHxR
Category: Defacement
Content: On May 29, 2026, the website johanregelink.nl was defaced by a threat actor known as DimasHxR operating without an affiliated team. The attacker targeted a subdirectory of the domain, suggesting a targeted single-page or media folder defacement rather than a full site compromise. No specific motive or technical details were disclosed in the available incident data.
Date: 2026-05-29T13:41:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929761
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: Johan Regelink
Victim Site: johanregelink.nl
Website Defacement of German-Quality.ro by DimasHxR
Category: Defacement
Content: On May 29, 2026, the attacker known as DimasHxR defaced a subdirectory of german-quality.ro, a Romanian e-commerce or retail website. The defacement targeted a specific media path rather than the homepage, suggesting partial or deep-path exploitation. No team affiliation, stated motive, or technical indicators were disclosed in connection with this incident.
Date: 2026-05-29T13:35:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929755
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Romania
Victim Industry: Retail / E-Commerce
Victim Organization: German Quality
Victim Site: german-quality.ro
Website Defacement of Crawl Space Ninja Print by DimasHxR
Category: Defacement
Content: On May 29, 2026, the website crawlspaceninjaprint.com was defaced by the threat actor DimasHxR acting independently without an affiliated team. The attack targeted a subdirectory of the domain associated with Crawl Space Ninja, a home services company likely based in the United States. The incident was a singular, non-mass defacement with no stated motivation recorded.
Date: 2026-05-29T13:34:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929751
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Construction / Home Services
Victim Organization: Crawl Space Ninja
Victim Site: crawlspaceninjaprint.com
Website Defacement of Elegance.co.ke by DimasHxR
Category: Defacement
Content: On May 29, 2026, the Kenyan website elegance.co.ke was defaced by a threat actor operating under the handle DimasHxR. The attacker targeted a subdirectory within the sites media/customer upload path, suggesting exploitation of a vulnerable file upload or CMS misconfiguration. The incident was a single-target, non-mass defacement with no affiliated team claimed.
Date: 2026-05-29T13:33:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929753
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Kenya
Victim Industry: Retail/Fashion
Victim Organization: Elegance
Victim Site: elegance.co.ke
Website Defacement of Duralube Australia by DimasHxR
Category: Defacement
Content: On May 29, 2026, the Australian automotive lubricants website duralube.com.au was defaced by a threat actor operating under the alias DimasHxR. The defacement targeted a media/customer directory path rather than the homepage, indicating a targeted file upload or directory traversal exploitation. No team affiliation, stated motive, or server details were disclosed in association with this incident.
Date: 2026-05-29T13:32:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929752
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Automotive / Lubricants
Victim Organization: Duralube Australia
Victim Site: duralube.com.au
Website Defacement of Battery Vault by DimasHxR
Category: Defacement
Content: On May 29, 2026, threat actor DimasHxR defaced a subdirectory of batteryvault.co.uk, a UK-based battery retail website. The attack targeted a specific media/custom path rather than the homepage and was carried out as a singular, non-mass defacement. No motive or team affiliation was disclosed by the attacker.
Date: 2026-05-29T13:31:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929749
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail / E-Commerce
Victim Organization: Battery Vault
Victim Site: batteryvault.co.uk
Website Defacement of FafaUniques by DimasHxR
Category: Defacement
Content: On May 29, 2026, the website fafauniques.com was defaced by a threat actor operating under the alias DimasHxR, acting independently without an affiliated team. The defacement targeted a media/customer directory path rather than the homepage, suggesting a targeted subdirectory compromise. No specific motivation or technical details regarding the server environment were disclosed.
Date: 2026-05-29T13:30:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929754
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: Fafa Uniques
Victim Site: fafauniques.com
Website Defacement of 5era.ru by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced a subpage of the Russian website 5era.ru, specifically targeting the media/customer_address path. The attack was carried out by an individual actor with no affiliated team, and the incident was a targeted single-page defacement rather than a mass or home page compromise.
Date: 2026-05-29T13:29:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929748
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: 5era
Victim Site: 5era.ru
Website Defacement of Cleverpokale by DimasHxR
Category: Defacement
Content: On May 29, 2026, the German website cleverpokale.de was defaced by a threat actor identified as DimasHxR acting independently without a team affiliation. The attack targeted a media/customer directory path on the site, which appears to be a trophy and award retail platform. The defacement was a targeted, non-mass incident with no additional technical indicators disclosed.
Date: 2026-05-29T13:28:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929750
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail / E-Commerce
Victim Organization: Clever Pokale
Victim Site: cleverpokale.de
Alleged data breach of Home Depot Canada
Category: Data Breach
Content: A threat actor is selling an alleged dataset from homedepot.ca containing approximately 742,000 customer records priced at $900. The dataset is structured across three tables covering customer contact profiles (including names, emails, phone numbers, addresses, and dates of birth), product warranty registrations, and customer feedback/survey responses. The actor claims the data is fresh and organized, and is accepting contact via Telegram.
Date: 2026-05-29T13:10:50Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78275
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Canada
Victim Industry: Retail
Victim Organization: Home Depot Canada
Victim Site: homedepot.ca
Alleged data breach of Coleman BBQ (colemanbbq.ca)
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Coleman BBQ (colemanbbq.ca) containing approximately 427,000 records across three sections: Contact, Order, and Servicerequest. The data reportedly includes customer names, emails, phone numbers, mailing addresses, order details (payment method, total amount, tracking numbers), and service request information. The seller is asking $900 and accepts forum escrow.
Date: 2026-05-29T13:09:57Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78276
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Canada
Victim Industry: Retail
Victim Organization: Coleman BBQ
Victim Site: colemanbbq.ca
Alleged data breach of Land Transportation Office Philippines with 0day exploit claim
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset of 14 million records from the Philippine Land Transportation Office, containing PII including full names, addresses, dates of birth, biometric details, and user images. The listing is exclusive to a single buyer and includes a claimed proof-of-concept 0day exploit against the LTO system as verification of the datas authenticity.
Date: 2026-05-29T12:01:32Z
Network: openweb
Published URL: https://breached.su/threads/land-transportation-office-lto-gov-ph-pii-philippines-breached.87713/unread
Screenshots:
3 screenshot(s) available
Threat Actors: anthraxsec
Victim Country: Philippines
Victim Industry: Government
Victim Organization: Land Transportation Office
Victim Site: lto.gov.ph
Alleged data leak of KPK database
Category: Data Leak
Content: A forum user shared what is claimed to be a free database associated with KPK. No further details or content are available in the post.
Date: 2026-05-29T12:00:37Z
Network: openweb
Published URL: https://breached.su/threads/free-database-kpk.87712/unread
Screenshots:
1 screenshot(s) available
Threat Actors: ghostcat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: KPK
Victim Site: Unknown
Website Defacement of Squashprofi.de by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced a media/customer directory page on squashprofi.de, a German squash sports website. The incident was a targeted single-page defacement rather than a mass or home page defacement. No specific motive, team affiliation, or technical details regarding the server environment were disclosed.
Date: 2026-05-29T11:47:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929742
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Sports / Recreation
Victim Organization: Squashprofi
Victim Site: squashprofi.de
Landeszentrale und Gedenkstätten komplett offline – Cyberangriff
Category: Cyber Attack
Content: The Landeszentrale für politische Bildung has fallen victim to a cyberattack, according to its own statements. The institution was forced to isolate its websites as well as those of its memorials, rendering them currently inaccessible. The organization is investigating whether subscriber and customer data may have been exfiltrated as a result of the incident.
Date: 2026-05-29T11:44:34Z
Network: openweb
Published URL: https://www.rheinpfalz.de/lokal/pfalz-ticker_artikel,-landeszentrale-und-gedenkstätten-komplett-offline-_arid,5894846.html
Screenshots:
None
Threat Actors:
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Landeszentrale für politische Bildung
Victim Site: lpb.rlp.de
Website Defacement by azraelzer0d4y of b1ohaz4rd Team
Category: Defacement
Content: A threat actor operating under the alias azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a web resource hosted at IP address 95.217.164.124 on May 29, 2026. The targeted path suggests a customer media directory, potentially indicating compromise of a web application or CMS. The incident was a singular, targeted defacement rather than a mass or home page defacement.
Date: 2026-05-29T11:41:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929726
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Finland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 95.217.164.124
Website Defacement by azraelzer0d4y of b1ohaz4rd Team Against IP-hosted Target
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a website hosted at IP address 65.108.49.183 under the media/customer directory path. The attack was a targeted single-site defacement with no server software or operating system details identified. The incident was documented and mirrored by zone-xsec.com.
Date: 2026-05-29T11:40:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929723
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 65.108.49.183
Website defacement by azraelzer0d4y of b1ohaz4rd team targeting IP-based host
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a web resource hosted at IP address 34.51.78.252 under the media/customer directory path. The targeted host does not resolve to a named domain, making attribution of the victim organization and industry difficult. The incident was recorded as a single, non-mass defacement with no redefacement history.
Date: 2026-05-29T11:38:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929725
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 34.51.78.252
Website Defacement by azraelzer0d4y of b1ohaz4rd Team
Category: Defacement
Content: A web server hosted at IP address 95.216.5.90 on port 8082, associated with a Hetzner-hosted Finnish IP, was defaced by threat actor azraelzer0d4y operating under the group b1ohaz4rd. The defacement targeted a media directory path and was recorded on May 29, 2026. The incident was a targeted single-site defacement with no indication of mass or redefacement activity.
Date: 2026-05-29T11:36:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929724
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Finland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 95.216.5.90:8082
Website Defacement of Farmácia de Pet by DimasHxR
Category: Defacement
Content: On May 29, 2026, threat actor DimasHxR defaced the Brazilian pet pharmacy website farmaciadepet.com.br, targeting a media directory path within the sites public folder. The incident was a targeted single-site defacement with no team affiliation reported. No specific motive or server details were disclosed.
Date: 2026-05-29T11:35:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929728
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Retail / Pet Pharmacy / E-Commerce
Victim Organization: Farmácia de Pet
Victim Site: farmaciadepet.com.br
Website defacement of unknown organization by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a web resource hosted at IP address 170.64.212.44. The defacement targeted a specific media/customer directory path rather than the homepage, suggesting a targeted directory-level compromise. No additional details regarding the victim organization, motivation, or server environment were disclosed.
Date: 2026-05-29T11:29:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929618
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 170.64.212.44
Website Defacement by azraelzer0d4y of Team b1ohaz4rd Targeting IP-Based Host
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a web resource hosted at IP address 45.157.40.157 under the media/customer directory path. The defacement was a targeted single-site compromise, with no indication of mass or repeat defacement activity. The incident was archived and mirrored by zone-xsec.com for documentation purposes.
Date: 2026-05-29T11:27:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929617
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 45.157.40.157
Website defacement by azraelzer0d4y of b1ohaz4rd team targeting IP-hosted web server
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a web server accessible via the IP address 13.210.243.169, targeting a file path under the media/customer directory. The attack was a targeted single-site defacement with no attribution to a specific organization or industry. The IP address resolves to an AWS region associated with Australia (ap-southeast-2), suggesting the server may be hosted in that geographic location.
Date: 2026-05-29T11:26:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929619
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 13.210.243.169
Website Defacement by azraelzer0d4y of b1ohaz4rd Team on IP-based Host
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a website hosted at IP address 136.144.206.135. The targeted path suggests a Magento or similar e-commerce platform, indicated by the /pub/media/cust directory structure. The incident was a targeted single-site defacement with no mass or re-defacement indicators.
Date: 2026-05-29T11:24:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929620
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: E-Commerce
Victim Organization: Unknown
Victim Site: 136.144.206.135
Website Defacement by azraelzer0d4y of b1ohaz4rd Team
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a web resource hosted at IP address 209.38.167.36. The targeted path suggests a media or customer-related directory was compromised. The defacement was a singular, targeted incident rather than a mass or home page defacement, and is documented via a mirror archived at zone-xsec.com.
Date: 2026-05-29T11:23:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929616
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 209.38.167.36
Alleged sale of mail account access and credential lists across multiple countries
Category: Initial Access
Content: Threat actor operating under handle .py is offering mail account access for multiple countries (France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, Japan). Post advertises availability of configs, scripts, tools, hits, and combolists with requests available. Contact directed to @DataxLogs.
Date: 2026-05-29T11:21:46Z
Network: telegram
Published URL: https://t.me/c/2613583520/92324
Screenshots:
1 screenshot(s) available
Threat Actors: .py
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement by azraelzer0d4y of team b1ohaz4rd targeting IP-based host
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a website hosted at IP address 185.247.17.46 on port 85. The targeted resource was a media directory path, and no additional context regarding the victim organization or motivation was disclosed. The incident was a single targeted defacement, not classified as a mass or home page defacement.
Date: 2026-05-29T11:17:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929606
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 185.247.17.46:85
Website Defacement by azraelzer0d4y of Team b1ohaz4rd
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, conducted a website defacement targeting a host at IP address 51.103.107.233. The defacement was recorded on zone-xsec.com with mirror ID 929607. The targeted path suggests compromise of a web applications media or customer file directory, though the victim organization and motive remain unidentified.
Date: 2026-05-29T11:15:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929607
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 51.103.107.233
Website Defacement by azraelzer0d4y of Team b1ohaz4rd Targeting Unknown Organization
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the group b1ohaz4rd, defaced a web resource hosted at IP address 114.67.248.243 on port 8082. The targeted path suggests a media or customer-related directory. The incident was a single-target, non-mass defacement with no disclosed motivation or technical details regarding the server environment.
Date: 2026-05-29T11:13:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929608
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 114.67.248.243:8082
Website Defacement by azraelzer0d4y of team b1ohaz4rd targeting IP-based host
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a web resource hosted at IP address 65.1.222.169 under the media/customer directory path. The defacement was a targeted single-site compromise with no indication of mass or home page defacement. No specific motive, server details, or organizational attribution were disclosed.
Date: 2026-05-29T11:07:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929605
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 65.1.222.169
Alleged data breach of Mostaql
Category: Data Breach
Content: A threat actor is soliciting a database breach of Mostaql, a freelancing platform, seeking structured records including first name, last name, email, phone, role, last activity, and profile URL. The actor specifically requests seller-role records and acknowledges that obtaining email and phone fields requires a database breach.
Date: 2026-05-29T11:06:51Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78120
Screenshots:
1 screenshot(s) available
Threat Actors: umz95
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Mostaql
Victim Site: mostaql.com
Website defacement by azraelzer0d4y of team b1ohaz4rd targeting server at 35.200.207.133
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a web resource hosted at IP address 35.200.207.133 on port 8080. The targeted servers geographic location, industry, and organizational ownership could not be determined from the available data. The incident was a targeted single-site defacement, with a mirror of the defaced page archived at zone-xsec.com.
Date: 2026-05-29T11:06:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929596
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 35.200.207.133:8080
Website Defacement by azraelzer0d4y of b1ohaz4rd Team
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a website hosted at IP address 216.48.186.177. The defacement targeted a specific media/customer directory path and was neither a mass defacement nor a redefacement event. Limited technical details are available regarding the server software or attack vector used.
Date: 2026-05-29T11:05:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929602
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 216.48.186.177
Sale of initial access to Air France Passenger Name Records system
Category: Initial Access
Content: A threat actor claims to be selling employee login access to Air Frances Passenger Name Records (PNR) system via the companys website. The seller requests cryptocurrency payment and states proof is available upon request. PNR data typically contains sensitive traveler information including itineraries, contact details, and payment records.
Date: 2026-05-29T11:04:51Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78162
Screenshots:
1 screenshot(s) available
Threat Actors: niggasinparis
Victim Country: France
Victim Industry: Aviation
Victim Organization: Air France
Victim Site: airfrance.com
Website Defacement by azraelzer0d4y of b1ohaz4rd Team
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a website hosted at IP address 54.233.209.116, targeting a media or customer-related directory path. The incident was a targeted single-site defacement with no mass or repeated defacement indicators. The host IP resolves to an AWS EC2 instance in the South America (São Paulo) region, suggesting a Brazil-based target.
Date: 2026-05-29T11:04:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929599
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 54.233.209.116
Alleged request to purchase database of Mostaql
Category: Data Breach
Content: A forum user is soliciting the purchase of a database from mostaql.com, a freelancing platform. The post requests that someone breach the site and sell the resulting database. No breach has been confirmed at this time.
Date: 2026-05-29T11:03:59Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78201
Screenshots:
1 screenshot(s) available
Threat Actors: umz95
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Mostaql
Victim Site: mostaql.com
Website Defacement by azraelzer0d4y of Team b1ohaz4rd Targeting IP-Based Host
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a web resource hosted at IP address 52.66.196.29, targeting a media/customer directory path. The attack was a targeted single-site defacement with no mass or redefacement indicators. The IP address is associated with AWS infrastructure in the India region, though the victim organization remains unidentified.
Date: 2026-05-29T11:03:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929597
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 52.66.196.29
Website Defacement by azraelzer0d4y of Team b1ohaz4rd Targeting IP-Based Host
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with team b1ohaz4rd, defaced a web resource hosted at IP address 3.110.77.212, specifically targeting a media/customer directory path. The target infrastructure does not expose identifiable domain, organization, or server details. The incident is recorded as a single, non-mass, non-redefacement event with a mirror archived at zone-xsec.com.
Date: 2026-05-29T11:02:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929598
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 3.110.77.212
Website Defacement by azraelzer0d4y of b1ohaz4rd Team Targeting IP-Based Host
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a web resource hosted at IP address 13.205.36.63 under the media/customer directory path. The target appears to be hosted on an AWS IP range (13.205.x.x is an Amazon AWS range), though the specific organization and industry could not be determined. No specific motivation or proof-of-concept details were provided for this incident.
Date: 2026-05-29T11:01:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929600
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 13.205.36.63
Website Defacement by azraelzer0d4y of b1ohaz4rd Team Targeting IP-Based Host
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a web resource hosted at IP address 167.71.228.169. The targeted URL path suggests the defacement affected a media or customer-related directory. No additional details regarding the victim organization, motive, or server environment were disclosed.
Date: 2026-05-29T11:00:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929601
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 167.71.228.169
Website Defacement by azraelzer0d4y of b1ohaz4rd Team Targeting IP-Based Host
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a website hosted at IP address 3.6.2.58, targeting a media/customer directory path. The attack was a single targeted defacement with no mass defacement or redefacement indicators. Server software and victim organization details were not disclosed in the available intelligence.
Date: 2026-05-29T10:59:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929603
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 3.6.2.58
Website Defacement of Unknown Organization by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: A threat actor operating under the alias azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a web resource hosted at IP address 15.207.148.136 on May 29, 2026. The targeted path suggests a media or customer-related directory of the hosting server. The IP address resolves to an AWS region associated with India, though the specific organization and industry remain unidentified.
Date: 2026-05-29T10:58:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929604
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 15.207.148.136
Alleged data breach of Hong Kong mobile consumer database
Category: Data Breach
Content: A threat actor is offering a structured database purportedly containing over 1 million Hong Kong mobile consumer records. The dataset includes mobile numbers, carrier information, device models, usernames, credential/sign timestamps, and detailed address information. The post advertises access via a points-gated download and promotes a Telegram channel for additional database sales.
Date: 2026-05-29T10:58:21Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78119
Screenshots:
1 screenshot(s) available
Threat Actors: Edric
Victim Country: Hong Kong
Victim Industry: Telecommunications
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to Bandung Regency government database
Category: Data Breach
Content: A forwarded message from DeepCore Network shares a direct link to what appears to be an exposed API endpoint on the Bandung Regency (Bandungkab) government website. The URL contains AWS S3 authentication parameters (signed credentials, timestamps, and signature) suggesting potential unauthorized data exposure or misconfigured cloud storage access.
Date: 2026-05-29T10:57:38Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/315
Screenshots:
2 screenshot(s) available
Threat Actors: DeepCore Network
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Bandung Regency Government (Pemerintah Kabupaten Bandung)
Victim Site: bedasdataapi.bandungkab.go.id
Sale of patient database dumps from Sifary Medical Technology Co., Ltd.
Category: Data Breach
Content: A threat actor is selling multiple production database dumps from Sifary Medical Technology, a dental equipment and cloud platform provider. The data allegedly includes approximately 2 million patient records, 500,000 .STL dental scan files, and 1.5 million password hashes for clinician accounts across platforms including Sifary Online Clinic, eighteeth.com, and dentbird.com. The actor claims persistent access to the infrastructure is also available for sale.
Date: 2026-05-29T10:57:25Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78093
Screenshots:
1 screenshot(s) available
Threat Actors: chinaleaks
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Sifary Medical Technology Co., Ltd.
Victim Site: sifary.com
Alleged data leak of Cecyte Coahuila (Mexico)
Category: Data Leak
Content: A threat actor known as hackstage has freely distributed a database allegedly belonging to Cecyte Coahuila, a Mexican educational institution. The leaked data reportedly includes records for suppliers, students, teachers, and administrative staff, as well as hashed user credentials. The data was made available via a Gofile link and promoted through a Telegram channel.
Date: 2026-05-29T10:56:04Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78193
Screenshots:
1 screenshot(s) available
Threat Actors: hackstage
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Cecyte Coahuila
Victim Site: Unknown
Alleged data leak of Revista Vistazo subscriber records from Ecuador
Category: Data Leak
Content: A threat actor has freely distributed an alleged database dump from Revista Vistazo, an Ecuadorian magazine publisher, exposing approximately 19,000 subscriber records. The leaked data reportedly includes full names, national ID numbers, addresses, phone numbers, email addresses, and partial credit card details including card type, masked number, and expiration date. Sample records shared in the post contain active session tokens and subscription metadata.
Date: 2026-05-29T10:55:20Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78206
Screenshots:
2 screenshot(s) available
Threat Actors: GondorPe
Victim Country: Ecuador
Victim Industry: Media
Victim Organization: Revista Vistazo
Victim Site: vistazo.com
Website Defacement by azraelzer0d4y of Team b1ohaz4rd Targeting IP-Based Host
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a web resource hosted at IP address 38.210.227.197 on port 80. The defacement targeted a media/custom directory path and was not classified as a mass or home page defacement. The victim organization and industry remain unidentified due to the use of a raw IP address rather than a named domain.
Date: 2026-05-29T10:52:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929593
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 38.210.227.197:80
Website Defacement by azraelzer0d4y of Team b1ohaz4rd
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a web resource hosted at IP address 168.144.37.217 on port 8080. The targeted servers organization, industry, and geographic location could not be determined from available data. The incident was a targeted single-site defacement with no indication of mass or repeated compromise.
Date: 2026-05-29T10:49:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929592
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 168.144.37.217:8080
CVE-2024-42682: Undocumented Root Account in PUSR USR-G806AU Industrial 4G Router
Category: Vulnerability
Content: A security researcher disclosed CVE-2024-42682, an undocumented uid=0 account named usr found in the PUSR USR-G806AU industrial 4G LTE VPN router, with a password recoverable from a bundled utility enabling remote SSH access. The issue was confirmed on firmware versions 1.0.41 and 2.0.13; PUSR has not responded to disclosure attempts since 2024. The researcher withheld the actual password but warned that a competent attacker could independently recover it.
Date: 2026-05-29T10:32:13Z
Network: openweb
Published URL: https://tier1.life/thread/268
Screenshots:
9 screenshot(s) available
Threat Actors: RedQueen
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Jinan USR IOT Technology Limited
Victim Site: usr-iot.com
Website Defacement by chinafans (0xteam) Targeting Infomaniak Preview Domain
Category: Defacement
Content: On May 29, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced a website hosted on the Infomaniak preview subdomain. The attack targeted a single site and does not appear to be part of a mass or redefacement campaign. Infomaniak is a Swiss-based web hosting and cloud services provider, suggesting the victim may be a customer-hosted preview environment rather than Infomaniak itself.
Date: 2026-05-29T10:15:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929583
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Switzerland
Victim Industry: Technology / Web Hosting
Victim Organization: Infomaniak
Victim Site: 6a3pfacakh.preview.infomaniak….
Website Defacement of Infiniti Construtora by chinafans (0xteam)
Category: Defacement
Content: The Brazilian construction company Infiniti Construtora had its website defaced by threat actor chinafans, operating under the group 0xteam, on May 29, 2026. The defacement targeted a specific page on the domain rather than the homepage, indicating a targeted sub-path attack. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-05-29T10:15:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929568
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Construction
Victim Organization: Infiniti Construtora
Victim Site: infiniticonstrutora.com.br
Website Defacement of kamfood.net by chinafans of 0xteam
Category: Defacement
Content: On May 29, 2026, the website kamfood.net was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the homepage, suggesting a targeted file-level intrusion. No specific motive or additional technical details were disclosed.
Date: 2026-05-29T10:14:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929582
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Food & Beverage
Victim Organization: Kam Food
Victim Site: kamfood.net
Website Defacement of sditalashr.com by chinafans (0xteam)
Category: Defacement
Content: The website sditalashr.com was defaced by a threat actor identified as chinafans, operating under the group 0xteam. The defacement was recorded on May 29, 2026, with a mirror of the defaced page archived at zone-xsec.com. No specific motivation, server details, or victim country were identified in the available data.
Date: 2026-05-29T10:13:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929569
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: SDI Talashr
Victim Site: sditalashr.com
Website defacement of hton.org.np by chinafans (0xteam)
Category: Defacement
Content: On May 29, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Nepalese website hton.org.np. The defacement targeted a specific text file path (/0x.txt) and was a single, non-mass incident. No specific motivation or server details were disclosed.
Date: 2026-05-29T10:12:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929571
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: HTON
Victim Site: hton.org.np
Website defacement of myqm2u.com by chinafans of 0xteam
Category: Defacement
Content: On May 29, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website myqm2u.com by uploading a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no additional technical details such as server software or exploitation method disclosed. A mirror of the defaced page is archived via zone-xsec.com.
Date: 2026-05-29T10:12:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929542
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: myqm2u.com
Website Defacement of iRepair Services LLC by chinafans (0xTeam)
Category: Defacement
Content: On May 29, 2026, the website of iRepair Services LLC was defaced by a threat actor operating under the alias chinafans, affiliated with the hacking group 0xTeam. The defacement was a targeted, non-mass incident affecting a single page (0x.txt) on the domain. The attack appears to be opportunistic in nature, targeting a small electronics repair services business based in the United States.
Date: 2026-05-29T10:11:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929586
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Technology / Electronics Repair Services
Victim Organization: iRepair Services LLC
Victim Site: irepairservicesllc.com
Website defacement of e-planifik.pe by chinafans (0xteam)
Category: Defacement
Content: On May 29, 2026, a threat actor using the handle chinafans, operating under the group 0xteam, defaced the Peruvian website e-planifik.pe by uploading a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no additional details provided regarding the attackers motive or exploited vulnerability.
Date: 2026-05-29T10:10:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929548
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Peru
Victim Industry: Unknown
Victim Organization: E-Planifik
Victim Site: e-planifik.pe
Website defacement of Capitalhus by chinafans of 0xteam
Category: Defacement
Content: On May 29, 2026, threat actor chinafans operating under the group 0xteam defaced the Icelandic website capitalhus.is, leaving a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no mass or repeat defacement indicators reported.
Date: 2026-05-29T10:09:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929559
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Iceland
Victim Industry: Unknown
Victim Organization: Capitalhus
Victim Site: capitalhus.is
Website Defacement of rashifathasneem.com by chinafans (0xteam)
Category: Defacement
Content: On May 29, 2026, threat actor chinafans operating under the group 0xteam defaced the website rashifathasneem.com, leaving a defacement file at the path /0x.txt. The incident was a targeted, non-mass defacement with no specific reason disclosed. A mirror of the defacement was archived by zone-xsec.com.
Date: 2026-05-29T10:08:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929584
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Astrology/Personal Services
Victim Organization: Rashifat Hasneem
Victim Site: rashifathasneem.com
Website Defacement of Legacy WB Solutions by chinafans (0xteam)
Category: Defacement
Content: The website legacywbsolutions.com was defaced by threat actor chinafans, operating under the group 0xteam, on May 29, 2026. The defacement was a targeted single-site attack, not a mass or home page defacement. The incident was archived and mirrored via zone-xsec.com for forensic reference.
Date: 2026-05-29T10:08:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929590
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology/Web Solutions
Victim Organization: Legacy WB Solutions
Victim Site: legacywbsolutions.com
Website Defacement of whzs-vfb.com by chinafans (0xteam)
Category: Defacement
Content: On May 29, 2026, the website whzs-vfb.com was defaced by a threat actor operating under the alias chinafans, affiliated with the hacking group 0xteam. The defacement was a targeted single-site incident, with the defaced content accessible at the path /0x.txt. No additional details regarding the victim organization, motive, or server infrastructure were disclosed.
Date: 2026-05-29T10:07:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929574
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: whzs-vfb.com
Website Defacement of Maisonmounsi by chinafans (0xteam)
Category: Defacement
Content: On May 29, 2026, the website maisonmounsi.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker placed a defacement file at the path /0x.txt, consistent with the teams naming convention. The incident was a single-target, non-mass defacement with no specific motivation publicly stated.
Date: 2026-05-29T10:06:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929558
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Retail/Fashion
Victim Organization: Maison Mounsi
Victim Site: maisonmounsi.com
Website Defacement of Ores Consultores by chinafans (0xteam)
Category: Defacement
Content: The website oresconsultores.com was defaced by threat actor chinafans, operating under the group 0xteam, on May 29, 2026. The defacement targeted a file path (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. No specific motive or additional technical details were disclosed.
Date: 2026-05-29T10:05:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929580
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Consulting
Victim Organization: Ores Consultores
Victim Site: oresconsultores.com
Website Defacement of AutoBank Vietnam by chinafans (0xteam)
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias chinafans, affiliated with 0xteam, defaced a file on the Vietnamese banking website autobank.com.vn. The defacement targeted a specific text file (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-29T10:05:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929560
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Vietnam
Victim Industry: Banking and Financial Services
Victim Organization: AutoBank Vietnam
Victim Site: autobank.com.vn
Website Defacement of pipit123.com by chinafans (0xteam)
Category: Defacement
Content: The website pipit123.com was defaced by threat actor chinafans, operating under the group 0xteam, on May 29, 2026. The defacement targeted a specific file path (/0x.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com, a known defacement tracking platform.
Date: 2026-05-29T10:04:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929546
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: pipit123.com
Website Defacement of Equative Solutions by chinafans (0xteam)
Category: Defacement
Content: On May 29, 2026, the website equativesolutions.com was defaced by threat actor chinafans, operating under the group 0xteam. The attacker planted a defacement file at the path /0x.txt. The incident was a targeted, non-mass defacement with no specific reason disclosed.
Date: 2026-05-29T10:03:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929555
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology / Business Solutions
Victim Organization: Equative Solutions
Victim Site: equativesolutions.com
Website Defacement of Car and Truck Hospital by chinafans (0xteam)
Category: Defacement
Content: On May 29, 2026, the Australian automotive services website carandtruckhospital.com.au was defaced by threat actor chinafans operating under the group 0xteam. The attack targeted a specific subdirectory of the site rather than the homepage and was neither a mass nor repeat defacement. A mirror of the defaced page was archived via zone-xsec.com.
Date: 2026-05-29T10:02:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929556
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Australia
Victim Industry: Automotive Services
Victim Organization: Car and Truck Hospital
Victim Site: carandtruckhospital.com.au
Website Defacement of nellv.com by chinafans (0xteam)
Category: Defacement
Content: On May 29, 2026, the website nellv.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site attack, with a mirror of the defacement archived at zone-xsec.com. No specific motive, server details, or organizational information were disclosed in connection with this incident.
Date: 2026-05-29T10:01:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929581
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: nellv.com
Website Defacement of maxwolfinger.com by chinafans (0xteam)
Category: Defacement
Content: The website maxwolfinger.com was defaced by a threat actor using the handle chinafans, operating under the group 0xteam. The defacement was recorded on May 29, 2026, targeting a file path (0x.txt) on the domain. The incident was a singular, non-mass defacement with no specific motive publicly stated.
Date: 2026-05-29T10:01:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929589
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Max Wolfinger
Victim Site: maxwolfinger.com
Alleged data leak of Croatian government website (gov.hr)
Category: Data Leak
Content: A threat actor identified as INFGRUPA claims to have breached a Croatian government website and is freely distributing a dataset of approximately 60,000 records. The leaked data allegedly includes full names, OIB (Personal Identification Numbers), JMBG (Unique Citizen Identification Numbers), and dates of birth. The data is being made available via a public download link at no cost.
Date: 2026-05-29T09:32:44Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78112
Screenshots:
1 screenshot(s) available
Threat Actors: vvvv
Victim Country: Croatia
Victim Industry: Government
Victim Organization: Croatian Government
Victim Site: gov.hr
Alleged data leak of Naresuan University, Thailand
Category: Data Leak
Content: A threat actor claiming to be Anonymous2090 alleges to have breached and exfiltrated databases belonging to Naresuan University in Thailand. The data has been made available for free download via a MediaFire link protected with a password. No record count or specific data fields were disclosed in the post.
Date: 2026-05-29T09:31:14Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78207
Screenshots:
1 screenshot(s) available
Threat Actors: Anonymous2090
Victim Country: Thailand
Victim Industry: Education
Victim Organization: Naresuan University
Victim Site: nu.ac.th
Alleged data leak of Israeli website including database and source code
Category: Data Leak
Content: A threat actor operating under the alias Anonymous2090 has freely distributed an archive claimed to contain a database and source code from an Israeli website hosted on a .co.il domain. The files are available via a public file-sharing link protected by a password matching the actors username. No further details about the victim organization or record count were provided.
Date: 2026-05-29T09:30:08Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78209
Screenshots:
1 screenshot(s) available
Threat Actors: Anonymous2090
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Mansura University student records
Category: Data Leak
Content: A threat actor operating under Operation Revenge has allegedly leaked a CSV file (1.9GB) containing records of approximately 1 million students from Mansura University in Egypt. The data is being distributed for free via a hidden content gate on the forum.
Date: 2026-05-29T09:29:09Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78215
Screenshots:
1 screenshot(s) available
Threat Actors: INT3X
Victim Country: Egypt
Victim Industry: Education
Victim Organization: Mansura University
Victim Site: Unknown
Alleged data leak of Pikabu.ru user database
Category: Data Leak
Content: A threat actor has freely distributed an alleged database from Pikabu.ru, a Russian social media and forum platform. The dataset contains approximately 1 million records in username:phone:email format and is available for free download via an external file hosting link.
Date: 2026-05-29T09:28:02Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78217
Screenshots:
1 screenshot(s) available
Threat Actors: ijustbik
Victim Country: Russia
Victim Industry: Technology
Victim Organization: Pikabu
Victim Site: pikabu.ru
Alleged data leak of Punto Vital Colombia patient records
Category: Data Leak
Content: A threat actor leaked alleged patient records from Punto Vital, a Colombian healthcare provider (IPS). The dataset reportedly covers 2019 to 2026 and includes full names, dates of birth, phone numbers, addresses, places of birth, patient signatures, and patient photos.
Date: 2026-05-29T09:26:51Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-EXPEDIENTES-PUNTO-VITAL-COLOMBIA-3K–78222
Screenshots:
1 screenshot(s) available
Threat Actors: Bytedope157sp
Victim Country: Colombia
Victim Industry: Healthcare
Victim Organization: Punto Vital
Victim Site: puntovitalips.com
Alleged Delta Airlines credential list or data dump
Category: Data Leak
Content: A file named delta_airlines.txt is being shared via MediaFire download link in the DEWATA BLACKHAT channel. The file format is TXT, suggesting it may contain credentials, customer data, or other sensitive information related to Delta Airlines.
Date: 2026-05-29T09:26:11Z
Network: telegram
Published URL: https://t.me/KAR4WANG_ERROR_SYSTEM/719
Screenshots:
2 screenshot(s) available
Threat Actors: KARAWANG ERROR SYSTEM
Victim Country: United States
Victim Industry: Aviation/Airlines
Victim Organization: Delta Airlines
Victim Site: delta.com
Alleged data leak of 490,000 citizens of Ambato, Ecuador with webshell access to government servers offered for sale
Category: Data Leak
Content: Threat actor VandalsGroup has freely leaked a dataset purportedly containing 490,000 records of all citizens of Ambato, Ecuador, including national identification numbers, full names, and dates of birth. The post also advertises for sale webshell access with full intranet access to two Ecuadorian government servers at ambato.gob.ec and tungurahua.gob.ec. Sample records consistent with Ecuadorian national ID formats are provided as proof.
Date: 2026-05-29T09:25:43Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78225
Screenshots:
1 screenshot(s) available
Threat Actors: VandalsGroup
Victim Country: Ecuador
Victim Industry: Government
Victim Organization: Municipality of Ambato / Tungurahua Provincial Government
Victim Site: ambato.gob.ec
Alleged data breach of Bangladesh Probashi Welfare Board (probashi.gov.bd)
Category: Data Breach
Content: A threat actor is selling an alleged dataset of 482,000 records originating from probashi.gov.bd, a Bangladeshi government portal for overseas migrant workers. The dataset reportedly contains three interconnected sections — Contacts, BMET Registrations, and PDO Enrollments — including passport numbers, national ID numbers, full names, mobile phones, dates of birth, addresses, and emergency contact details. The data is being offered for $1,300 via Telegram.
Date: 2026-05-29T09:24:13Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78259
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Bangladesh
Victim Industry: Government
Victim Organization: Bangladesh Probashi Welfare Board
Victim Site: probashi.gov.bd
Alleged data breach of Mutualité Chrétienne (christianmut.be) exposing insurance client records
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset of approximately 268,000 records from Mutualité Chrétienne, a Belgian Christian mutual health insurance organization. The dataset is claimed to include three interconnected sections covering customer contacts (with national ID numbers, birth details, and employer information), insurance policy records, and claims records (including hospital names, doctor names, fraud flags, and incident descriptions). The data is priced at $1,400 and sample
Date: 2026-05-29T09:22:44Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78260
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Belgium
Victim Industry: Healthcare
Victim Organization: Mutualité Chrétienne
Victim Site: mutualite.christianmut.be
Alleged data breach of Brazils CRMV veterinary regulatory body
Category: Data Breach
Content: A threat actor is selling an alleged dataset of approximately 582,000 records sourced from crmv.org.br, Brazils regional veterinary regulatory council. The dataset is organized into three sections covering veterinarian contact details, official license records, and continuing education enrollments, including fields such as full name, email, phone, date of birth, license number, and compliance status. Sample files are shared via Gofile links.
Date: 2026-05-29T09:21:29Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78261
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Brazil
Victim Industry: Government
Victim Organization: CRMV (Conselho Regional de Medicina Veterinária)
Victim Site: crmv.org.br
Alleged data breach of Petlove (petlove.com.br) exposing customer and order data
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Brazilian pet retail platform Petlove (petlove.com.br) for $1,400, claiming approximately 684,000 records. The dataset purportedly includes customer contacts (with veterinarian license numbers, personal identifiers, and addresses), support tickets, and order details including payment methods and shipping information. Sample download links are provided via Gofile.
Date: 2026-05-29T09:20:07Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78262
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Brazil
Victim Industry: Retail
Victim Organization: Petlove
Victim Site: petlove.com.br
Alleged data breach of Autoline Brazil automotive platform
Category: Data Breach
Content: A threat actor is offering a dataset allegedly sourced from autoline.com.br, a Brazilian automotive platform. The dataset reportedly contains 812,000 records across three sections: customer contacts (including personal identifiers, phone numbers, emails, and social media profiles), vehicle inquiries, and service requests. Sample data has been made available via file-sharing links.
Date: 2026-05-29T09:18:48Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78264
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Brazil
Victim Industry: Automotive
Victim Organization: Autoline
Victim Site: autoline.com.br
Alleged data breach of hardwaresales.ca
Category: Data Breach
Content: A threat actor is selling an alleged database dump from hardwaresales.ca, a Canadian hardware retailer, priced at $1,300. The dataset reportedly contains approximately 374,000 records across three sections: customer contacts (including full names, emails, phone numbers, addresses, and birth dates), order history, and account security data including passwords and password hints. The seller is accepting forum escrow and can be contacted via Telegram.
Date: 2026-05-29T09:17:10Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78265
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Canada
Victim Industry: Retail
Victim Organization: Hardware Sales
Victim Site: hardwaresales.ca
Alleged data breach of DatingBuzz South Africa with 672K user records
Category: Data Breach
Content: A threat actor is selling an alleged dataset from datingbuzz.co.za containing approximately 672,000 records. The data reportedly includes email addresses, password hashes, dates of birth, gender, location data, and partner preferences across three structured tables. Sample files have been shared via Gofile links.
Date: 2026-05-29T09:16:27Z
Network: openweb
Published URL: https://breached.su/threads/672k-south-africa-https-www-datingbuzz-co-za-active-email-dob-gender-password-hash-location-data-from-dating-profiles.87711/unread
Screenshots:
2 screenshot(s) available
Threat Actors: Moelester
Victim Country: South Africa
Victim Industry: Entertainment
Victim Organization: DatingBuzz
Victim Site: datingbuzz.co.za
Website Defacement of Four Winds Microdosing by aexdy (Leviathan Perfect Hunter)
Category: Defacement
Content: On May 29, 2026, the website fourwindsmicrodosing.com was defaced by threat actor aexdy, operating under the group Leviathan Perfect Hunter. The attack targeted the homepage of the site, a business associated with microdosing health and wellness services. The incident was a single targeted defacement, not part of a mass defacement campaign.
Date: 2026-05-29T08:53:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929540
Screenshots:
1 screenshot(s) available
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: United States
Victim Industry: Health & Wellness / Alternative Medicine
Victim Organization: Four Winds Microdosing
Victim Site: fourwindsmicrodosing.com
Alleged data breach of Doctissimo forum (France) exposing 524K user records
Category: Data Breach
Content: A threat actor is offering a dataset allegedly sourced from forum.doctissimo.fr containing approximately 524,000 records. The dataset is structured into three sections: Contacts (user PII including email addresses, IP addresses, dates of birth, and login metadata), Support Tickets (customer service interactions and case details), and Forum Activity Logs (user activity and IP tracking data). The data is being sold and described as fresh and organized.
Date: 2026-05-29T08:49:51Z
Network: openweb
Published URL: https://breached.su/threads/524k-france-https-forum-doctissimo-fr-anonymous-posts-and-user-data-discussion-thread.87700/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: France
Victim Industry: Media
Victim Organization: Doctissimo
Victim Site: forum.doctissimo.fr
Alleged data breach of SalesAutopilot (salesautopilot.hu) exposing 184K Hungarian user contacts and engagement data
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from salesautopilot.hu, a Hungarian marketing automation platform, containing approximately 184,000 records. The dataset is structured across three sections — Contacts, Email Engagements, and Subscription Sessions — and includes personally identifiable information such as full names, email addresses, phone numbers, dates of birth, gender, GDPR consent status, IP addresses, and subscription metadata. Sample data files were shared via Gofi…
Date: 2026-05-29T08:49:19Z
Network: openweb
Published URL: https://breached.su/threads/184k-hungary-https-www-salesautopilot-hu-verified-user-contacts-with-subscription-and-engagement-data.87701/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: Hungary
Victim Industry: Technology
Victim Organization: SalesAutopilot
Victim Site: salesautopilot.hu
Alleged data breach of Jelgava City Government Portal (jelgava.lv)
Category: Data Breach
Content: A threat actor is selling an alleged dataset from jelgava.lv, a Latvian local government website, for $1,200. The dataset reportedly contains approximately 137,000 records across three sections: user contacts (including full names, emails, phone numbers, addresses, and dates of birth), event bookings, and municipal service requests. The data includes personally identifiable information such as gender, date of birth, and marketing preferences.
Date: 2026-05-29T08:48:12Z
Network: openweb
Published URL: https://breached.su/threads/137k-latvia-https-www-jelgava-lv-user-contacts-and-registration-data-from-local-government-site.87703/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: Latvia
Victim Industry: Government
Victim Organization: Jelgava City Municipality
Victim Site: jelgava.lv
Alleged data breach of forums.apollo.lv exposing 215,000 Latvian forum user records
Category: Data Breach
Content: A threat actor is selling an alleged dataset from forums.apollo.lv, a Latvian online forum, containing approximately 215,000 records. The dataset is structured across three sections covering user contact profiles, private message metadata, and security credentials including password hashes, password reset tokens, and multi-factor authentication settings. The post claims the data is fresh and organized for practical use.
Date: 2026-05-29T08:47:38Z
Network: openweb
Published URL: https://breached.su/threads/215k-latvia-https-forums-apollo-lv-dark-web-forum-with-anonymous-posts-and-encrypted-user-data.87705/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: Latvia
Victim Industry: Online Community / Forum
Victim Organization: Apollo Forums
Victim Site: forums.apollo.lv
Alleged data breach of Stadgenoot (mijn.stadgenoot.nl) exposing 472K Netherlands resident records
Category: Data Breach
Content: A threat actor is offering for sale a dataset allegedly originating from Stadgenoot, a Netherlands-based housing organization, priced at $1,100. The dataset reportedly contains 472,000 records across three sections: Contacts (PII including name, email, phone, date of birth, address), Rentalapplications (including password hashes, credit scores, background check status), and Supporttickets (including unit details and communication logs). Sample files were shared via Gofile links as proof.
Date: 2026-05-29T08:47:05Z
Network: openweb
Published URL: https://breached.su/threads/472k-netherlands-https-mijn-stadgenoot-nl-active-user-profiles-with-emails-contacts-and-subscription-data.87706/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: Netherlands
Victim Industry: Real Estate
Victim Organization: Stadgenoot
Victim Site: mijn.stadgenoot.nl
Alleged data breach of home.pl with active user credentials and contact details
Category: Data Breach
Content: A threat actor is selling an alleged dataset from home.pl, a Polish web hosting and internet services provider, containing approximately 473,000 records. The dataset reportedly includes customer contact details (names, emails, phone numbers, addresses, usernames, hashed passwords), website session data, and marketing campaign assets. The seller is asking $1,200 and accepts forum escrow.
Date: 2026-05-29T08:46:32Z
Network: openweb
Published URL: https://breached.su/threads/473k-poland-https-home-pl-active-user-credentials-and-contact-details-dataset.87707/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: Poland
Victim Industry: Technology
Victim Organization: home.pl
Victim Site: home.pl
Alleged data breach of smtp.ru with customer contacts, SMTP credentials, and usage logs
Category: Data Breach
Content: A threat actor is selling an alleged dataset from smtp.ru, a Russian email service provider, for $1,400. The dataset purportedly contains approximately 683,000 records across three sections: customer contact records (including PII, job titles, and account status), SMTP account credentials (including encrypted passwords and 2FA status), and SMTP usage logs (including IP addresses and device info).
Date: 2026-05-29T08:46:00Z
Network: openweb
Published URL: https://breached.su/threads/683k-russia-https-smtp-ru-email-contacts-with-job-titles-and-account-status-data.87708/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: Russia
Victim Industry: Technology
Victim Organization: smtp.ru
Victim Site: smtp.ru
Website Defacement of edwinmerino.com by aexdy of Leviathan Perfect Hunter
Category: Defacement
Content: On May 29, 2026, threat actor aexdy, operating under the team Leviathan Perfect Hunter, defaced the homepage of edwinmerino.com. The attack was a targeted single-site defacement affecting the main page of what appears to be a personal website. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-29T08:45:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929538
Screenshots:
1 screenshot(s) available
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Personal/Individual
Victim Organization: Edwin Merino
Victim Site: edwinmerino.com
Alleged data breach of teamo.ru with candidate profiles and authentication records
Category: Data Breach
Content: A threat actor is selling an alleged dataset from teamo.ru, a Russian platform, containing approximately 284,000 records across three sections: Contacts, User Profiles, and Authentication Records. The data includes personally identifiable information such as full names, emails, phone numbers, age, gender, and city, as well as sensitive authentication data including password hashes, session tokens, MFA details, and security question answers. The seller is offering the dataset for $900 via Telegra…
Date: 2026-05-29T08:45:26Z
Network: openweb
Published URL: https://breached.su/threads/284k-russia-https-teamo-ru-candidate-profiles-with-verified-emails-and-it-industry-details.87709/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: Russia
Victim Industry: Technology
Victim Organization: Teamo
Victim Site: teamo.ru
Alleged data breach of start.ru with user profiles, credentials, and subscription data
Category: Data Breach
Content: A threat actor is selling an alleged dataset from start.ru, a Russian streaming/tech platform, containing approximately 742,000 records. The data is structured across three sections covering user contact information (including hashed passwords and authentication data), premium subscription details, and IP ban logs. The seller is offering the dataset for $1,400 via Telegram.
Date: 2026-05-29T08:44:51Z
Network: openweb
Published URL: https://breached.su/threads/742k-russia-https-start-ru-user-profiles-with-emails-passwords-activity-logs-and-account-statuses.87710/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: Russia
Victim Industry: Technology
Victim Organization: Start.ru
Victim Site: start.ru
Alleged compromise of Buona Spesa supermarket chain surveillance systems in Italy
Category: Cyber Attack
Content: NoName057(16) threat actor claims to have gained unauthorized access to the surveillance and camera systems of MD/Buona Spesa, a major Italian supermarket chain. The post includes descriptions of specific store zones and claims real-time monitoring capability of customer and employee activity. The actor frames this as retaliation against Italian support for Ukraine and threatens further disclosures.
Date: 2026-05-29T08:43:10Z
Network: telegram
Published URL: https://t.me/c/3087552512/2044
Screenshots:
1 screenshot(s) available
Threat Actors: NoName057(16)
Victim Country: Italy
Victim Industry: Retail/Supermarket
Victim Organization: MD S.p.A. (Buona Spesa)
Victim Site: mdspa.it
Website Defacement of fourwind.store by aexdy of Leviathan Perfect Hunter
Category: Defacement
Content: On May 29, 2026, the website fourwind.store was defaced by threat actor aexdy, operating under the group Leviathan Perfect Hunter. The attack targeted the homepage of the site in a singular, targeted defacement rather than a mass campaign. The incident has been archived and mirrored via zone-xsec.com for forensic reference.
Date: 2026-05-29T08:42:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929539
Screenshots:
1 screenshot(s) available
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: E-commerce / Retail
Victim Organization: Fourwind Store
Victim Site: fourwind.store
Alleged DxSale DEX Protocol Exploit – $7.3 Million Loss on BNB Chain
Category: Cyber Attack
Content: DxSale decentralized exchange protocol was allegedly exploited resulting in approximately $7.3 million in losses. The attack affected 1,400 liquidity pools on BNB Chain. Threat actors reportedly swapped a portion of stolen funds to BNB and transferred them to Binance addresses.
Date: 2026-05-29T08:41:56Z
Network: telegram
Published URL: https://t.me/c/1397463379/11391
Screenshots:
2 screenshot(s) available
Threat Actors: LZT
Victim Country: Unknown
Victim Industry: Cryptocurrency/DeFi
Victim Organization: DxSale
Victim Site: dxsale.app
Solicitation for customer data access bypassing Akamai WAF at three Japanese banks
Category: Initial Access
Content: A threat actor is soliciting assistance to obtain high-value customer data from three major Japanese banks — SMBC, Mizuho Bank, and MUFG — stating their technicians are blocked by Akamai WAF protections. The post requests methods to bypass the WAF and acquire the data, indicating a targeted data theft operation in progress.
Date: 2026-05-29T08:22:54Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78132
Screenshots:
1 screenshot(s) available
Threat Actors: ceil9485763
Victim Country: Japan
Victim Industry: Finance
Victim Organization: Sumitomo Mitsui Banking Corporation, Mizuho Bank, MUFG
Victim Site: smbc.co.jp, mizuhobank.co.jp, mufg.jp
Alleged leak of two classified FSB intelligence reports
Category: Data Leak
Content: A threat actor has freely distributed two alleged classified FSB documents in RTF format via Telegram and a dark web forum. The first document reportedly details methodological procedures for intelligence interception operations (ROTM), and the second analyzes foreign intelligence activity since 2022, identifying Ukraine and Western services as primary actors. The documents are claimed to be internal FSB reports covering operational procedures, personnel targeting, and counterintelligence weakne…
Date: 2026-05-29T08:16:28Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78111
Screenshots:
1 screenshot(s) available
Threat Actors: mosad
Victim Country: Russia
Victim Industry: Government
Victim Organization: Federal Security Service (FSB)
Victim Site: fsb.ru
Alleged data leak of FNHPA (Fédération Nationale de lHôtellerie de Plein Air)
Category: Data Leak
Content: A threat actor has freely leaked a database allegedly belonging to FNHPA, the main professional federation for campsite and outdoor hospitality operators in France. The leak contains approximately 9,000 records across two JSON files: invoices (factures) with financial details including IBAN/BIC banking coordinates, SIRET numbers, and VAT identifiers, and a user file containing campsite operator details such as email addresses, phone numbers, physical addresses, and geolocation data. The data app…
Date: 2026-05-29T08:14:26Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78087
Screenshots:
1 screenshot(s) available
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Hospitality
Victim Organization: FNHPA
Victim Site: fnhpa.com
Alleged data breach of 56qq.com exposing user contact and activity logs
Category: Data Breach
Content: A threat actor is selling an alleged dataset from 56qq.com comprising approximately 472,000 records organized into three sections: user contacts (including email addresses, gender, birth date, and registration details), user access logs (including IP addresses, session tokens, browser agents, and login metadata), and user credits and engagement data. The dataset is priced at $1,300 and the seller can be contacted via Telegram.
Date: 2026-05-29T08:13:13Z
Network: openweb
Published URL: https://breached.su/threads/472k-china-https-www-56qq-com-user-contact-and-activity-logs-database.87697/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: China
Victim Industry: Unknown
Victim Organization: 56qq.com
Victim Site: 56qq.com
Alleged data breach of National University Bangladesh
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from nu.ac.bd, the National University of Bangladesh, containing approximately 273,000 records. The dataset spans three sections — Contacts, Alumni Rankings, and Membership Identification — with fields including full names, email addresses, phone numbers, dates of birth, postal addresses, and credential/certification details. Sample download links are provided via Gofile.
Date: 2026-05-29T08:12:48Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78257
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Bangladesh
Victim Industry: Education
Victim Organization: National University Bangladesh
Victim Site: nu.ac.bd
Alleged data breach of Alza.cz with customer and order records
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from alza.cz, a major Czech e-commerce retailer, containing approximately 437,000 records. The dataset is structured across three sections — Contacts, Orders, and Support Tickets — and includes personal identifiable information such as names, emails, phone numbers, dates of birth, mailing addresses, loyalty card data, and admin-level credentials. The seller is asking $1,100 and accepts forum escrow for the transaction.
Date: 2026-05-29T08:12:41Z
Network: openweb
Published URL: https://breached.su/threads/437k-czech-republic-https-www-alza-cz-active-web-user-accounts-with-email-and-region-data.87698/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: Czech Republic
Victim Industry: Retail
Victim Organization: Alza
Victim Site: alza.cz
Alleged data breach of Doctissimo forum with user contact and authentication data
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset from forum.doctissimo.fr containing approximately 243,000 records. The dataset reportedly includes user contact information, authentication data (password hashes, salts, reset tokens), and notification preferences organized across three tables. Sensitive fields include email addresses, password hashes, phone numbers, and security-related metadata.
Date: 2026-05-29T08:12:05Z
Network: openweb
Published URL: https://breached.su/threads/243k-france-https-forum-doctissimo-fr-anonymous-posts-and-user-activity-data-records.87699/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: France
Victim Industry: Media
Victim Organization: Doctissimo
Victim Site: forum.doctissimo.fr
Alleged sale of compromised TikTok and SHEIN business accounts
Category: Initial Access
Content: Threat actor offering bulk purchase of compromised TikTok US accounts (500K+ followers at 350 USDT each), TikTok personal accounts with complete documents (100 USDT), and SHEIN self-operated LLC accounts across US and EU markets (500-800 USDT). Prices listed in USDT with contact via Telegram for transactions.
Date: 2026-05-29T06:21:05Z
Network: telegram
Published URL: https://t.me/c/2613583520/92171
Screenshots:
1 screenshot(s) available
Threat Actors: pipl1on33uku
Victim Country: United States
Victim Industry: Social Media, E-commerce
Victim Organization: TikTok, SHEIN
Victim Site: tiktok.com, shein.com
Alleged USDT Money Laundering and Cryptocurrency Fraud Scheme
Category: Cyber Attack
Content: Multiple coordinated posts advertising USDT purchasing services with commission offers (10-25%). Users claim to be from China with cryptocurrency purchase restrictions and offer commissions to facilitate USDT transactions. Pattern suggests organized money laundering or advance-fee fraud scheme targeting cryptocurrency traders.
Date: 2026-05-29T04:53:32Z
Network: telegram
Published URL: https://t.me/c/2613583520/92101
Screenshots:
1 screenshot(s) available
Threat Actors: Unknown coordinated fraud ring
Victim Country: Unknown
Victim Industry: Financial/Cryptocurrency
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Musson by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a media/customer directory page on the Musson website (www.musson.com). The incident was a targeted single-page defacement rather than a mass or home page compromise. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-05-29T04:16:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929409
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Retail / Distribution
Victim Organization: Musson
Victim Site: www.musson.com
Website Redefacement of iDropan Shop by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The e-commerce website idropanshop.com was redefaced by threat actor azraelzer0d4y, operating under the group b1ohaz4rd, on May 29, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised and defaced by the same or another actor. The defacement was limited to a specific media directory path rather than the sites homepage, suggesting targeted exploitation of an upload or media handling vulnerability.
Date: 2026-05-29T04:15:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929411
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Retail / E-Commerce
Victim Organization: iDropan Shop
Victim Site: www.idropanshop.com
Website Redefacement of Beads Venue by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The Australian online retail website Beads Venue (beadsvenue.com.au) was defaced by threat actor azraelzer0d4y, operating under the group b1ohaz4rd. This incident is a redefacement, indicating the site had been previously compromised by the same or related actor. The attack targeted a subdirectory of the site rather than the homepage.
Date: 2026-05-29T04:13:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929412
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Australia
Victim Industry: Retail / E-commerce
Victim Organization: Beads Venue
Victim Site: www.beadsvenue.com.au
Website Defacement of Nha Sach Quang Loi by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced a subdirectory of nhasachquangloi.vn, a Vietnamese bookstore website. The attack was a targeted, non-mass defacement affecting a specific page rather than the homepage. No team affiliation, stated motive, or technical details about the server environment were disclosed.
Date: 2026-05-29T04:12:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929410
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Vietnam
Victim Industry: Retail / Bookstore
Victim Organization: Nha Sach Quang Loi
Victim Site: nhasachquangloi.vn
Alleged data leak of 490K citizen records from Ambato, Ecuador with webshell access for sale
Category: Data Leak
Content: Threat actor VandalsGroup has freely released a dataset allegedly containing 490,000 citizen records of the entire population of Ambato, Ecuador, including national identification numbers, dates of birth, and full names. The actor also claims to be selling webshell access with full intranet access to two government servers at ambato.gob.ec and tungurahua.gob.ec. Sample records are provided as proof of claim.
Date: 2026-05-29T04:03:31Z
Network: openweb
Published URL: https://breached.su/threads/ecuador-490k-records-of-all-citizens-of-ambato-ecuador-webshell.87695/unread
Screenshots:
8 screenshot(s) available
Threat Actors: VandalsGroup
Victim Country: Ecuador
Victim Industry: Government
Victim Organization: Municipality of Ambato / Tungurahua Provincial Government
Victim Site: ambato.gob.ec
Website Defacement of Kunst-Koeder.de by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced a media/customer-facing subdirectory of kunst-koeder.de, a German arts and fishing supplies retail website. The incident was a targeted single-site defacement with no known team affiliation, mass campaign, or prior redefacement history. Technical details such as server software and IP address were not disclosed in available reporting.
Date: 2026-05-29T04:00:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929363
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail / E-Commerce (Arts & Crafts / Fishing Supplies)
Victim Organization: Kunst-Koeder
Victim Site: kunst-koeder.de
Website Redefacement of Herbal Snu by Threat Actor DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a redefacement attack against www.herbalsnu.com, targeting a subdirectory within the sites media path. This incident marks at least a second successful defacement of the same target, suggesting persistent access or recurring vulnerability exploitation. The attacker operated without affiliation to a known team.
Date: 2026-05-29T03:57:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929358
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Health & Wellness
Victim Organization: Herbal Snu
Victim Site: www.herbalsnu.com
Website defacement of Inforshop by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: On May 29, 2026, the Brazilian e-commerce or technology retail website inforshop.com.br was defaced by threat actor azraelzer0d4y, a member of the hacking group b1ohaz4rd. The defacement targeted a subdirectory path within the sites media folder and was not classified as a mass or home page defacement. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-05-29T03:51:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929165
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Brazil
Victim Industry: Retail / E-commerce
Victim Organization: Inforshop
Victim Site: inforshop.com.br
Website Defacement of Panborrachas by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: The Brazilian rubber products company Panborrachas had a page on its website defaced by threat actor azraelzer0d4y, operating under the group b1ohaz4rd, on May 29, 2026. The defacement targeted a subdirectory within the sites media path rather than the homepage, indicating a targeted file-level compromise. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-05-29T03:49:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/929163
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Brazil
Victim Industry: Retail / Manufacturing (Rubber Products)
Victim Organization: Panborrachas
Victim Site: panborrachas.com.br
Alleged data breach of Algerias Ministry of Tourism and Handicrafts (mta.gov.dz)
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from mta.gov.dz, the Algerian Ministry of Tourism and Handicrafts, containing approximately 728,000 records. The dataset is structured across three sections: customer contacts, ticket support requests, and service booking history, including personally identifiable information such as names, emails, phone numbers, addresses, and payment details. Sample files are shared via external file-hosting links.
Date: 2026-05-29T03:43:26Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78223
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Algeria
Victim Industry: Government
Victim Organization: Ministry of Tourism and Handicrafts Algeria
Victim Site: mta.gov.dz
Alleged data breach of MercadoPago Argentina with customer and financial records
Category: Data Breach
Content: A threat actor is selling an alleged dataset attributed to MercadoPago Argentina, priced at $1,100, comprising approximately 425,000 records across three sections: Customer Contacts (including PII, password hashes, and CRM data), Payment Accounts (including national IDs, KYC status, account balances, and fraud flags), and Transaction History (including billing addresses, transaction amounts, IP addresses, and chargeback data). Sample download links were provided via Gofile to substantiate the cl…
Date: 2026-05-29T03:41:53Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78224
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Argentina
Victim Industry: Finance
Victim Organization: MercadoPago
Victim Site: mercadopago.com.ar
Alleged data breach of Argentinas Poder Judicial de la Nación (PJN)
Category: Data Breach
Content: A threat actor is offering a dataset purportedly sourced from Argentinas Poder Judicial de la Nación (pjn.gov.ar), containing approximately 563,000 records across three categories: contact records (including national IDs, personal emails, phone numbers, home addresses, and date of birth), legal case client data (including social security numbers, case details, and court information), and legal support tickets. The data includes highly sensitive personally identifiable information tied to indivi
Date: 2026-05-29T03:40:06Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78227
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Poder Judicial de la Nación
Victim Site: pjn.gov.ar
Alleged data breach of Argentina Ministry of Justice (jus.gob.ar)
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from jus.gob.ar, the Argentine Ministry of Justice, containing approximately 684,000 records. The dataset is structured across three sections — Contact, Legal Case Application, and Customer Interaction Log — and includes national IDs, full names, email addresses, home addresses, phone numbers, dates of birth, legal case details, and interaction logs. The data is described as fresh and organized, and a sample download link is provided.
Date: 2026-05-29T03:38:27Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78228
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Argentine Ministry of Justice
Victim Site: jus.gob.ar
Website Defacement of Modenweb by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a media/customer directory page on modenweb.com. The attack targeted a subdirectory of the site rather than the homepage, suggesting a targeted path-level defacement. Technical details regarding the server environment and attack vector were not disclosed.
Date: 2026-05-29T03:37:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928863
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: E-commerce / Retail
Victim Organization: Modenweb
Victim Site: modenweb.com
Alleged data breach of Golf Victoria
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Golf Victoria comprising approximately 418,000 records across three sections: Contacts, Memberships, and Tournament Registrations. The data reportedly includes personal contact details (name, email, phone, address, date of birth), membership history and payment status, and tournament participation records. The dataset is offered for $900 via a darknet forum.
Date: 2026-05-29T03:36:50Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78232
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Australia
Victim Industry: Sports & Recreation
Victim Organization: Golf Victoria
Victim Site: golfvictoria.org.au
Website defacement of konouzeg.com by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a media or customer-related page on konouzeg.com. The attack was a targeted single-page defacement rather than a mass or home page defacement. Technical details such as server software and IP address were not disclosed in the available reporting.
Date: 2026-05-29T03:36:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928862
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Konouzeg
Victim Site: konouzeg.com
Alleged data breach of Bangladesh Overseas Employment and Services Limited (BOESL)
Category: Data Breach
Content: A threat actor is selling an alleged dataset from boesl.gov.bd, the Bangladesh Overseas Employment and Services Limited, for $1,100. The dataset purportedly contains approximately 742,000 records across three sections — Contacts, Job Applications, and Visa Processing Records — including full names, dates of birth, passport numbers, BMET registration numbers, biometric verification status, and contact details. The data is described as relating to labor export registration applicants.
Date: 2026-05-29T03:35:02Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78233
Screenshots:
1 screenshot(s) available
Threat Actors: Rupert
Victim Country: Bangladesh
Victim Industry: Government
Victim Organization: Bangladesh Overseas Employment and Services Limited
Victim Site: boesl.gov.bd
Website Defacement of smastory.com by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The website smastory.com was defaced by threat actor azraelzer0d4y, operating under the team b1ohaz4rd, on May 29, 2026. The attack targeted a subdirectory path associated with customer advertising content. The incident was a single targeted defacement, not classified as a mass or home page defacement.
Date: 2026-05-29T03:34:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928860
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Media/Advertising
Victim Organization: SMA Story
Victim Site: smastory.com
Alleged data breach of Higher Education Commission of Pakistan exposing 1.5 million citizens PII
Category: Data Breach
Content: A threat actor known as FlipperOne is selling a dataset allegedly obtained from the Higher Education Commission (HEC) of Pakistan, claiming to contain sensitive PII of 1.5 million Pakistani citizens. The data purportedly includes full names, CNIC (national identity card numbers), father names, email addresses, mobile numbers, dates of birth, religion, blood group, and postal addresses. The listing is priced at $3,499 in Monero and is advertised as an exclusive single-buyer sale.
Date: 2026-05-29T03:34:15Z
Network: openweb
Published URL: https://breached.su/threads/pakistan-1-5-million-citizens-sensitive-pii-breached-2026.87693/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Flipperone
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: Higher Education Commission (HEC) of Pakistan
Victim Site: hec.gov.pk
Alleged data breach of Swiss Medical Group exposing patient and health plan records
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from swissmedical.com.ar, an Argentine private health insurance provider, for $1,300. The dataset reportedly contains approximately 458,000 records spanning three sections: patient contact information (names, emails, addresses, birthdates, login credentials), health plan details (policy numbers, tax IDs, member passwords, coverage and billing data), and appointment records (doctor notes, patient notes, visit outcomes, billing codes). Sampl…
Date: 2026-05-29T03:33:43Z
Network: openweb
Published URL: https://breached.su/threads/458k-argentina-https-www-swissmedical-com-ar-patient-and-contact-records-including-personal-and-account-details.87694/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Moelester
Victim Country: Argentina
Victim Industry: Healthcare
Victim Organization: Swiss Medical Group
Victim Site: swissmedical.com.ar
Website Defacement of AMC Intermarket by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On May 29, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced the website of AMC Intermarket at amcintermarket.com. The incident was a targeted single-site defacement, not part of a mass or repeated campaign. The defacement was archived and mirrored via zone-xsec.com with mirror ID 928867.
Date: 2026-05-29T03:33:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928867
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Finance / Trading
Victim Organization: AMC Intermarket
Victim Site: amcintermarket.com
Mass Website Defacement of Indonesian Islamic School by Adam Novice / Black Elerone Team
Category: Defacement
Content: On May 29, 2026, a threat actor identified as Adam Novice operating under the Black Elerone Team conducted a mass defacement attack targeting manbaul-ulum.sch.id, an Indonesian Islamic educational institution. The attack targeted the schools news page running on a Linux-based server. A mirror of the defacement was archived at haxor.id, confirming this incident was part of a broader mass defacement campaign.
Date: 2026-05-29T03:27:05Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249679
Screenshots:
1 screenshot(s) available
Threat Actors: Adam Novice, black elerone team
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Manbaul Ulum Islamic School
Victim Site: manbaul-ulum.sch.id
Mass Defacement of Indonesian Business Site by Adam Novice of Black Elerone Team
Category: Defacement
Content: The threat actor Adam Novice, affiliated with Black Elerone Team, conducted a mass defacement targeting evandriaprimajasindo.co.id, an Indonesian business services website. The attack targeted the /berita (news) subdirectory on a Linux-based server and is classified as both a mass and re-defacement, indicating the site had been previously compromised. The incident was archived on May 29, 2026, with a mirror preserved at haxor.id.
Date: 2026-05-29T03:21:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249678
Screenshots:
1 screenshot(s) available
Threat Actors: Adam Novice, black elerone team
Victim Country: Indonesia
Victim Industry: Business Services
Victim Organization: Evandria Prima Jasindo
Victim Site: evandriaprimajasindo.co.id
Alleged data leak of cdmx.gob.mx (Mexico City Government)
Category: Data Leak
Content: A threat actor operating under the alias krypto/V01 | Exiliados has freely distributed an alleged database dump from the Mexico City Government portal (cdmx.gob.mx). The dataset reportedly contains approximately 1 million records including national ID numbers (CVE/CURP), full names, dates of birth, sex, addresses, and electoral credential data. The data has been made available via a public file-sharing link.
Date: 2026-05-29T03:02:00Z
Network: openweb
Published URL: https://breached.su/threads/dataleak-of-www-cdmx-gob-mx.87692/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Black0ut_Exi
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Mexico City Government (CDMX)
Victim Site: cdmx.gob.mx
Alleged data leak of Amepi.fr (Amanda) French real estate platform
Category: Data Leak
Content: A threat actor known as ChimeraZ claims to have leaked a database belonging to Amepi.fr (Amanda), described as a French cooperative real estate platform for sharing property listings among agencies. The leaked data, distributed in JSON format (2.35 MB), contains records including visit IDs, mandate IDs, personal names, property addresses, and transaction prices. Sample records reference multiple real estate agencies and individual client names.
Date: 2026-05-29T02:04:39Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78090
Screenshots:
1 screenshot(s) available
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Real Estate
Victim Organization: Amepi (Amanda)
Victim Site: amepi.fr
Alleged data leak of Takriz Team member information
Category: Data Leak
Content: A threat actor claims to have leaked personal information and photos of members belonging to Takriz, described as a Tunisian cyber threat group allegedly operating under political sponsorship. The post offers files containing member details for free download. The actor also alleges that Takriz recently conducted a cyberattack against the MyTT app to distribute unauthorized notifications.
Date: 2026-05-29T02:03:24Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78220
Screenshots:
1 screenshot(s) available
Threat Actors: mecrobyte
Victim Country: Tunisia
Victim Industry: Unknown
Victim Organization: Takriz
Victim Site: Unknown
Mass Redefacement of Indonesian Regional Parliament Website by Ushiromiya
Category: Defacement
Content: The official website of the Regional Peoples Representative Council (DPRD) of Agam Regency, Indonesia, was defaced by the threat actor known as Ushiromiya. This incident is classified as both a mass defacement and a redefacement, indicating the attacker has previously targeted this site and is conducting broader campaign activity. The targeted server was running on a Linux-based environment.
Date: 2026-05-29T02:02:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249677
Screenshots:
1 screenshot(s) available
Threat Actors: Ushiromiya, Ushiromiya
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: DPRD Agam Regency (Regional Peoples Representative Council of Agam Regency)
Victim Site: dprd.agamkab.go.id
Website Defacement of My Hair Accessory by DimasHxR
Category: Defacement
Content: On May 29, 2026, threat actor DimasHxR defaced the website myhairaccessory.com, targeting a media directory within the sites public folder. The defacement was an individual, non-mass attack with no stated motive or team affiliation. The incident was recorded and mirrored by zone-xsec.com under mirror ID 928791.
Date: 2026-05-29T01:45:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928791
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Fashion Accessories
Victim Organization: My Hair Accessory
Victim Site: myhairaccessory.com
Website Defacement of Automatech by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced a subdirectory of automatech.co.uk, a UK-based technology and automation company. The attack was not classified as a mass or home page defacement, suggesting it targeted a specific media or custom content path. No team affiliation, motive, or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-29T01:44:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928807
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Technology / Automation
Victim Organization: Automatech
Victim Site: automatech.co.uk
Website Defacement of ConMetall Meister by DimasHxR
Category: Defacement
Content: On May 29, 2026, the website of ConMetall Meister, a German metal industry company, was defaced by the threat actor DimasHxR. The attacker targeted a subdirectory of the media section of the website. No team affiliation, specific motive, or technical details regarding the server infrastructure were disclosed in connection with this incident.
Date: 2026-05-29T01:43:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928795
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Manufacturing / Metal Industry
Victim Organization: ConMetall Meister
Victim Site: www.conmetallmeister.de
Website Defacement of Diamantaire Imports by DimasHxR
Category: Defacement
Content: The website diamantaireimports.com, belonging to Diamantaire Imports, a jewelry and diamond import business, was defaced by threat actor DimasHxR on May 29, 2026. The defacement targeted a subdirectory path within the site rather than the homepage, indicating a partial or directory-level compromise. No team affiliation, specific motive, or technical details regarding the server or exploitation method were disclosed.
Date: 2026-05-29T01:42:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928797
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Jewelry & Diamond Imports
Victim Organization: Diamantaire Imports
Victim Site: diamantaireimports.com
Website Defacement of West Derby Carpets & Blinds by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced a page on the website of West Derby Carpets & Blinds, a UK-based home furnishings retailer. The attack was a targeted single-page defacement, not classified as a mass or home page defacement. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-29T01:41:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928813
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail – Home Furnishings
Victim Organization: West Derby Carpets & Blinds
Victim Site: westderbycarpetsblinds.co.uk
Website Defacement of Discounted Decals by DimasHxR
Category: Defacement
Content: On May 29, 2026, the attacker known as DimasHxR defaced a media directory page on discounteddecals.com, a retail e-commerce website likely selling decals and stickers. The defacement was a targeted, single-site incident with no team affiliation reported and no stated motivation. A mirror of the defaced page was archived on zone-xsec.com for reference.
Date: 2026-05-29T01:41:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928802
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Retail / E-commerce
Victim Organization: Discounted Decals
Victim Site: discounteddecals.com
Website Defacement of Kennzeichen-Teufel by DimasHxR
Category: Defacement
Content: On May 29, 2026, the attacker known as DimasHxR defaced a subdirectory of kennzeichen-teufel.de, a German license plate and automotive accessories retailer. The incident was a targeted, non-mass defacement affecting a specific media path rather than the sites homepage. No team affiliation, stated motive, or technical server details were disclosed in connection with this attack.
Date: 2026-05-29T01:40:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928799
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail / Automotive Accessories
Victim Organization: Kennzeichen Teufel
Victim Site: kennzeichen-teufel.de
Website Defacement of Nebraska Life by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor operating under the alias DimasHxR defaced a web page hosted on www.nebraskalife.com, targeting a subdirectory within the sites media folder. The defacement was carried out as a single, targeted attack with no affiliation to a known group or team. No specific motive or server details were disclosed in connection with the incident.
Date: 2026-05-29T01:39:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928793
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Insurance / Financial Services
Victim Organization: Nebraska Life
Victim Site: www.nebraskalife.com
Website Defacement of Plantmania.nl by DimasHxR
Category: Defacement
Content: On May 29, 2026, the attacker known as DimasHxR defaced a media/customer directory on plantmania.nl, a Netherlands-based plant retail website. The incident was a targeted single-site defacement, not part of a mass defacement campaign. No team affiliation, stated motive, or server details were disclosed.
Date: 2026-05-29T01:38:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928805
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Netherlands
Victim Industry: Retail / E-commerce (Plants & Horticulture)
Victim Organization: Plantmania
Victim Site: plantmania.nl
Website Defacement of Anugraha Online by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced a subdirectory of anugrahaonline.com, targeting a specific media/custom path rather than the homepage. The attack was carried out as a solo operation with no affiliated team, and the targeted path suggests a partial or directory-level defacement rather than a full site compromise.
Date: 2026-05-29T01:37:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928804
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Anugraha Online
Victim Site: anugrahaonline.com
Website Defacement of The Movie and TV Store by DimasHxR
Category: Defacement
Content: On May 29, 2026, the website themovieandtvstore.com was defaced by the threat actor DimasHxR operating independently without a team affiliation. The attack targeted a subdirectory of the site rather than the homepage, indicating a targeted intrusion into a specific web path. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-05-29T01:36:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928794
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Retail / Entertainment
Victim Organization: The Movie and TV Store
Victim Site: themovieandtvstore.com
Website Defacement of Loeffler Stühle by DimasHxR
Category: Defacement
Content: On May 29, 2026, the attacker known as DimasHxR defaced a page on loefflerstuehle.de, a German furniture retailers website. The defacement targeted a non-homepage URL within the sites media directory, suggesting a targeted file-level compromise rather than a full site takeover. No team affiliation, stated motive, or server details were disclosed.
Date: 2026-05-29T01:36:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928796
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail / Furniture
Victim Organization: Loeffler Stühle
Victim Site: loefflerstuehle.de
Website Defacement of Preloved Caravan Awnings by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor known as DimasHxR defaced the website of Preloved Caravan Awnings, a UK-based retailer specializing in second-hand caravan awnings. The attack was a targeted single-site defacement with no team affiliation, no stated motivation, and no prior defacement history recorded for this domain.
Date: 2026-05-29T01:35:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928810
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail / E-commerce
Victim Organization: Preloved Caravan Awnings
Victim Site: www.prelovedcaravanawnings.co.uk
Website Defacement of GPS Gadgets UK by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor known as DimasHxR defaced a media/custom directory page on gpsgadgets.co.uk, a UK-based GPS and gadget retail website. The attack was an individual (non-mass, non-home page) defacement, suggesting targeted exploitation of a specific web directory. No team affiliation, stated motive, or technical server details were disclosed in connection with this incident.
Date: 2026-05-29T01:34:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928809
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail / Consumer Electronics
Victim Organization: GPS Gadgets
Victim Site: gpsgadgets.co.uk
Website Defacement of Dental Savings Club by DimasHxR
Category: Defacement
Content: On May 29, 2026, a threat actor identified as DimasHxR defaced the website of Dental Savings Club, a dental savings and discount services organization. The defacement targeted a subdirectory of the domain and was carried out as a solo attack with no affiliated team. Technical details such as server software and IP address were not disclosed in available reporting.
Date: 2026-05-29T01:33:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928800
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Healthcare / Dental Services
Victim Organization: Dental Savings Club
Victim Site: www.dentalsavingsclub.com
Website Defacement of HerbalSnu by DimasHxR
Category: Defacement
Content: On May 29, 2026, the website herbalsnu.com was defaced by the threat actor DimasHxR, operating without an affiliated team. The attacker targeted a subdirectory within the sites media folder, suggesting exploitation of a content management system vulnerability. The incident was a targeted single-site defacement with no indication of mass or repeat defacement activity.
Date: 2026-05-29T01:32:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928803
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Herbal Products
Victim Organization: HerbalSnu
Victim Site: herbalsnu.com
Alleged leak of historical US public records database from SnailSearch/David Gray adoption system
Category: Data Leak
Content: A threat actor has leaked approximately 6.8 GB of historical US public records (~1997) originally associated with David Grays SnailSearch people-finder system, including birth, marriage, death, and divorce vitals records in CSV format. The poster claims to have removed drivers license and voter files containing SSNs prior to publishing. The data is being made available via public file-sharing links.
Date: 2026-05-29T01:25:53Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Got-another-one-that-might-interest-you-HISTORICAL-for-real
Screenshots:
1 screenshot(s) available
Threat Actors: OriginalCrazyOldFart
Victim Country: United States
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of compromised TikTok and SHEIN accounts with documented violations
Category: Initial Access
Content: Threat actor offering to sell compromised TikTok US personal accounts, TikTok store accounts with violation appeals, and SHEIN self-operated store accounts across multiple regions. Pricing ranges from 300-800 USDT. Accounts include high-follower TikTok accounts (500K+ followers) and bulk account packages. Contact via Telegram handle provided.
Date: 2026-05-29T01:13:35Z
Network: telegram
Published URL: https://t.me/c/2613583520/91965
Screenshots:
1 screenshot(s) available
Threat Actors: xxin7
Victim Country: United States, European Union
Victim Industry: E-commerce, Social Media
Victim Organization: TikTok, SHEIN
Victim Site: Unknown
Mass Defacement of ultra-libero.com by XYZ (Alpha Wolf Team)
Category: Defacement
Content: On May 29, 2026, the website ultra-libero.com was defaced by threat actor XYZ, operating under the team name Alpha Wolf, as part of a mass defacement campaign targeting multiple sites. The attack was carried out on a Linux-based server. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-29T00:31:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249676
Screenshots:
1 screenshot(s) available
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Ultra Libero
Victim Site: ultra-libero.com
Mass Website Defacement of ueda-city.com by XYZ (Alpha Wolf)
Category: Defacement
Content: On May 29, 2026, threat actor XYZ operating under the team name Alpha Wolf conducted a mass defacement attack targeting ueda-city.com, a website associated with Ueda City in Japan. The attack was carried out on a Linux-based server and was part of a broader mass defacement campaign. The defaced page was archived and mirrored at haxor.id.
Date: 2026-05-29T00:29:23Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249675
Screenshots:
1 screenshot(s) available
Threat Actors: XYZ, Alpha wolf
Victim Country: Japan
Victim Industry: Government
Victim Organization: Ueda City
Victim Site: ueda-city.com
Mass Defacement of imagekeeperpro.com by XYZ (Alpha Wolf Team)
Category: Defacement
Content: On May 29, 2026, a threat actor identified as XYZ, operating under the group Alpha Wolf, conducted a mass defacement attack against imagekeeperpro.com, a web-based image management service hosted on a Linux server. The attack targeted the sites index page and was archived via the haxor.id mirror service. This incident was classified as a mass defacement, suggesting multiple sites were compromised in the same campaign.
Date: 2026-05-29T00:28:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249673
Screenshots:
1 screenshot(s) available
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Technology / Digital Media
Victim Organization: Image Keeper Pro
Victim Site: imagekeeperpro.com
Website Defacement of Heibon.jp by XYZ (Alpha Wolf)
Category: Defacement
Content: On May 29, 2026, the Japanese website heibon.jp was defaced by a threat actor identified as XYZ, operating under the team name Alpha Wolf. The attack targeted a Linux-based server and resulted in a single-page defacement, as opposed to a mass or home page compromise. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-29T00:26:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249672
Screenshots:
1 screenshot(s) available
Threat Actors: XYZ, Alpha wolf
Victim Country: Japan
Victim Industry: Media / Publishing
Victim Organization: Heibon
Victim Site: heibon.jp
Website Defacement of Heibon.jp by XYZ of Team Alpha Wolf
Category: Defacement
Content: On May 29, 2026, the Japanese website heibon.jp was defaced by a threat actor identified as XYZ, operating under the group Alpha Wolf. The attack targeted the homepage directly and was not part of a mass defacement campaign. A mirror of the defaced page has been archived at zone-xsec.com.
Date: 2026-05-29T00:20:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/928770
Screenshots:
1 screenshot(s) available
Threat Actors: XYZ, Alpha wolf
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Heibon
Victim Site: heibon.jp
Alleged data breach of Sinaloa government billing system
Category: Data Breach
Content: A threat actor affiliated with Olympus_Group claims to have exfiltrated over 100,000 user records from the Sinaloa state government billing system. The alleged dataset includes emails, passwords, RFC IDs, full names, phone numbers, business names, and verification codes. A sample of 1,000 records has been released freely, with the full database offered for sale.
Date: 2026-05-29T00:15:01Z
Network: openweb
Published URL: https://breached.su/threads/leak-sinaloa-billing-system-100-000-users.87691/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Hermes_Olymp
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Sinaloa State Government
Victim Site: Unknown

Related Posts

[March-23-2026] Daily Cybersecurity Threat Report

[April-06-2025] Daily Cybersecurity Threat Report – Part 2

[November-3-2025] Daily Cybersecurity Threat Report