‼️🇩🇪 A dataset allegedly containing 10.5 million users from LSGB, a defunct German gaming and leak forum, has been leaked on a popular cybercrime forum.
▪️ Records: 10,500,000 (10M + 500K new)
▪️ Size: 121 MB (compressed)
▪️ Data Fields: User ID, username, email address, password hash (bcrypt), salt, user group, registration date, last visit, registration IP, last IP, post count, reputation, PM count, signature, birthday, location, website
▪️ Records: 10,500,000 (10M + 500K new)
▪️ Size: 121 MB (compressed)
▪️ Data Fields: User ID, username, email address, password hash (bcrypt), salt, user group, registration date, last visit, registration IP, last IP, post count, reputation, PM count, signature, birthday, location, website
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Charité
Domain:
Country: 🇩🇪 DE
Date: Mar 31st, 2026
Summary:
Un dysfonctionnement technique au sein d'un centre de données de la Charité à Berlin a entraîné une panne informatique affectant trois sites hospitaliers, empêchant la Feuerwehr d'accéder aux cliniques Virchow, Mitte et Steglitz. Bien que la fourniture de soins aux patients reste stable, les services d'urgence ont temporairement désactivé les entrées des urgences centrales par mesure de sécurité, tout en excluant toute hypothèse de cyberattaque. La Charité travaille activement à la résolution de ce problème technique, qui survient dans un contexte de vigilance accrue face aux risques de cybersécurité pour les institutions publiques berlinoises.
Source: https://www.tagesspiegel.de/berlin/itausfall-an-der-berliner-charite-feuerwehr-kann-drei-klinikstandorte-nicht-anfahren-15421749.html
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Charité
Domain:
charite.deCountry: 🇩🇪 DE
Date: Mar 31st, 2026
Summary:
Un dysfonctionnement technique au sein d'un centre de données de la Charité à Berlin a entraîné une panne informatique affectant trois sites hospitaliers, empêchant la Feuerwehr d'accéder aux cliniques Virchow, Mitte et Steglitz. Bien que la fourniture de soins aux patients reste stable, les services d'urgence ont temporairement désactivé les entrées des urgences centrales par mesure de sécurité, tout en excluant toute hypothèse de cyberattaque. La Charité travaille activement à la résolution de ce problème technique, qui survient dans un contexte de vigilance accrue face aux risques de cybersécurité pour les institutions publiques berlinoises.
Source: https://www.tagesspiegel.de/berlin/itausfall-an-der-berliner-charite-feuerwehr-kann-drei-klinikstandorte-nicht-anfahren-15421749.html
www.tagesspiegel.de
IT‑Ausfall an der Berliner Charité: Feuerwehr kann drei Klinikstandorte nicht anfahren
Wegen einer IT-Panne fährt die Feuerwehr derzeit drei Charité-Kliniken nicht an. Ein Cyberangriff ist jedoch ausgeschlossen.
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Häpo-Reifencenter
Domain:
Country: 🇨🇭 CH
Date: Mar 29th, 2026
Summary:
Le dimanche 29 mars 2026, le groupe de pirates informatiques Pay2Key, lié à l'Iran, a chiffré et paralysé le système informatique de l'entreprise Häpo-Reifencenter, située à Winterthour, à l'aide d'un ransomware. Bien que l'entreprise disposât de sauvegardes, celles-ci ont également été détruites, ce qui entraîne un préjudice quotidien de plusieurs dizaines de milliers de francs et une perte des données comptables actuelles. Häpo a informé la police et alerté son assureur, tandis que la direction n'envisage pour l'instant pas de payer la rançon exigée.
Source: https://www.tagesanzeiger.ch/cyberangriff-in-winterthur-hacker-legen-haepo-reifencenter-lahm-229421108182
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Häpo-Reifencenter
Domain:
haepo.chCountry: 🇨🇭 CH
Date: Mar 29th, 2026
Summary:
Le dimanche 29 mars 2026, le groupe de pirates informatiques Pay2Key, lié à l'Iran, a chiffré et paralysé le système informatique de l'entreprise Häpo-Reifencenter, située à Winterthour, à l'aide d'un ransomware. Bien que l'entreprise disposât de sauvegardes, celles-ci ont également été détruites, ce qui entraîne un préjudice quotidien de plusieurs dizaines de milliers de francs et une perte des données comptables actuelles. Häpo a informé la police et alerté son assureur, tandis que la direction n'envisage pour l'instant pas de payer la rançon exigée.
Source: https://www.tagesanzeiger.ch/cyberangriff-in-winterthur-hacker-legen-haepo-reifencenter-lahm-229421108182
Tages-Anzeiger
Cyberangriff in Winterthur: Hacker legen Häpo-Reifencenter lahm
Cyberkriminelle griffen am Sonntag das Winterthurer Unternehmen Häpo an und fordern Lösegeld. Die Hackergruppe soll Verbindungen in den Iran haben.
💥 Early stages of a Cybercrime Website Leaderboard is now available to Elite subscribers.
A separate Threat Actor Leaderboard is being worked on, but nothing to show for it for now.
https://darkwebinformer.com/cybercrime-website-leaderboard4574474574/
A separate Threat Actor Leaderboard is being worked on, but nothing to show for it for now.
https://darkwebinformer.com/cybercrime-website-leaderboard4574474574/
😭1
🔪 Slice For Life 🔪
Cyberattack News Alert ━━━━━━━━━━━━━━━━━━━━━━━━━ Victim: Häpo-Reifencenter Domain: haepo.ch Country: 🇨🇭 CH Date: Mar 29th, 2026 Summary: Le dimanche 29 mars 2026, le groupe de pirates informatiques Pay2Key, lié à l'Iran, a chiffré et paralysé le système…
These articles should translate to english now.
😭1
‼️🇺🇸 A massive breach allegedly from BlackLine, a major financial automation platform, is being sold on a popular cybercrime forum.
▪️ Documents: ~1,532,718
▪️ Total Size: 354.4 GB
▪️ Data Includes: Bills, licenses, certificates, and other documents processed for high-profile clients
▪️ Client Noted: FedEx PO APAC Production
▪️ Documents: ~1,532,718
▪️ Total Size: 354.4 GB
▪️ Data Includes: Bills, licenses, certificates, and other documents processed for high-profile clients
▪️ Client Noted: FedEx PO APAC Production
‼️🇺🇸 A dataset allegedly containing 9,000+ loan records from HeritageSouth Credit Union (USA) has been leaked on a popular cybercrime forum.
▪️ Records: 9,000+
▪️ Size: ~5.5 MB (CSV)
▪️ Data Fields: Loan ID, borrower ID, SSN, full name, gender, birthdate, address, ZIP code, credit score, loan amount, interest rate, delinquency counts, charge-off details, co-borrower info (SSN, name, address), collateral vehicle details (make, model, year, VIN, value)
▪️ Records: 9,000+
▪️ Size: ~5.5 MB (CSV)
▪️ Data Fields: Loan ID, borrower ID, SSN, full name, gender, birthdate, address, ZIP code, credit score, loan amount, interest rate, delinquency counts, charge-off details, co-borrower info (SSN, name, address), collateral vehicle details (make, model, year, VIN, value)
How many daily alerts on the threat feed is enough for you or would be enough for you if you subscribed?
Anonymous Poll
19%
0-400
3%
401-800
3%
801-1200
36%
Unlimited
39%
Show Results
‼️🇺🇸 A database (V2) allegedly from Success.com, a popular newsletter and article platform, has been leaked on a popular cybercrime forum.
This is the second breach, the site was still vulnerable, with over 60K new emails added since the first leak.
▪️ Records: 207,000+ unique users
▪️ Data Fields: Email, first/last name, phone, company, passwords, billing & shipping addresses, payment method, social media links (Facebook, LinkedIn, Twitter), job title, credit scores, order history, store orders, and more
Note: The threat actor states Success.com did not respond to contact or consider meeting their demands
This is the second breach, the site was still vulnerable, with over 60K new emails added since the first leak.
▪️ Records: 207,000+ unique users
▪️ Data Fields: Email, first/last name, phone, company, passwords, billing & shipping addresses, payment method, social media links (Facebook, LinkedIn, Twitter), job title, credit scores, order history, store orders, and more
Note: The threat actor states Success.com did not respond to contact or consider meeting their demands
‼️ A threat actor shared a 1.3TB collection of URL-login-password credentials described as private 2025 data.
The credentials appear to be formatted as a combolist containing browsing history and associated login credentials.
@whiteintel_io in case you're missing a couple.
The credentials appear to be formatted as a combolist containing browsing history and associated login credentials.
@whiteintel_io in case you're missing a couple.
‼️ FuhrLegal allegedly has data exposed on a popular cybercrime forum.
Threat Actor: @NormalLeVrai
Date: 03-31-2026
Category: Breach
Victim: FuhrLegal
Industry: Legal Services
Site: http://fuhrlegal.com
Threat actor claims to have breached fuhrlegal.com and is sharing databases, source code, email messages, SSH access credentials, and complete backups after the company allegedly failed to pay a ransom demand. The actor also claims to have discovered the victim company was involved in cryptocurrency fraud against an individual.
Threat Actor: @NormalLeVrai
Date: 03-31-2026
Category: Breach
Victim: FuhrLegal
Industry: Legal Services
Site: http://fuhrlegal.com
Threat actor claims to have breached fuhrlegal.com and is sharing databases, source code, email messages, SSH access credentials, and complete backups after the company allegedly failed to pay a ransom demand. The actor also claims to have discovered the victim company was involved in cryptocurrency fraud against an individual.
‼️🇺🇸 A compromised US WordPress e-commerce shop with Authorize.net payment processing is being auctioned on a popular cybercrime forum.
Threat Actor: citizenfour
Date: 03-31-2026
Category: Compromised Shop
Victim: Unnamed US WordPress Shop
Industry: E-Commerce
Site: Not disclosed
The threat actor is auctioning access to a US-based online shop with 20,933 orders, $38.2K revenue, and 220 completed transactions.
Payment methods include Authorize.net (273), COD (49), check (11), and Visa via Stripe (4). Monthly breakdown shows $7.4K in March, $21K in February, and $9.8K in January 2026. Customers are primarily US-based (292).
Auction starts at $300 with $100 steps and a $1,500 blitz price.
Threat Actor: citizenfour
Date: 03-31-2026
Category: Compromised Shop
Victim: Unnamed US WordPress Shop
Industry: E-Commerce
Site: Not disclosed
The threat actor is auctioning access to a US-based online shop with 20,933 orders, $38.2K revenue, and 220 completed transactions.
Payment methods include Authorize.net (273), COD (49), check (11), and Visa via Stripe (4). Monthly breakdown shows $7.4K in March, $21K in February, and $9.8K in January 2026. Customers are primarily US-based (292).
Auction starts at $300 with $100 steps and a $1,500 blitz price.