‼️🇺🇸 A dataset allegedly containing 9,000+ loan records from HeritageSouth Credit Union (USA) has been leaked on a popular cybercrime forum.
▪️ Records: 9,000+
▪️ Size: ~5.5 MB (CSV)
▪️ Data Fields: Loan ID, borrower ID, SSN, full name, gender, birthdate, address, ZIP code, credit score, loan amount, interest rate, delinquency counts, charge-off details, co-borrower info (SSN, name, address), collateral vehicle details (make, model, year, VIN, value)
‼️🇺🇸 A database (V2) allegedly from Success.com, a popular newsletter and article platform, has been leaked on a popular cybercrime forum.
This is the second breach; the site was still vulnerable, with over 60K new emails added since the first leak.
▪️ Records: 207,000+ unique users
▪️ Data Fields: Email, first/last name, phone, company, passwords, billing & shipping addresses, payment method, social media links (Facebook, LinkedIn, Twitter), job title, credit scores, order history, store orders, and more
Note: The threat actor states Success.com did not respond to contact or consider meeting their demands.
‼️ A threat actor shared a 1.3TB collection of URL-login-password credentials described as private 2025 data.
The credentials appear to be formatted as a combolist containing browsing history and associated login credentials.
@whiteintel_io in case you're missing a couple.
‼️ FuhrLegal allegedly has data exposed on a popular cybercrime forum.
Threat Actor: @NormalLeVrai
Date: 03-31-2026
Category: Breach
Victim: FuhrLegal
Industry: Legal Services
Site: http://fuhrlegal.com
Threat actor claims to have breached fuhrlegal.com and is sharing databases, source code, email messages, SSH access credentials, and complete backups after the company allegedly failed to pay a ransom demand. The actor also claims to have discovered the victim company was involved in cryptocurrency fraud against an individual.
‼️🇺🇸 A compromised US WordPress e-commerce shop with Authorize.net payment processing is being auctioned on a popular cybercrime forum.
Threat Actor: citizenfour
Date: 03-31-2026
Category: Compromised Shop
Victim: Unnamed US WordPress Shop
Industry: E-Commerce
Site: Not disclosed
The threat actor is auctioning access to a US-based online shop with 20,933 orders, $38.2K revenue, and 220 completed transactions.
Payment methods include Authorize.net (273), COD (49), check (11), and Visa via Stripe (4). Monthly breakdown shows $7.4K in March, $21K in February, and $9.8K in January 2026. Customers are primarily US-based (292).
Auction starts at $300 with $100 steps and a $1,500 blitz price.
‼️🇺🇸 Vantage Media AI allegedly has data exposed on a popular cybercrime forum.
Threat Actor: Sorb
Date: 03-31-2026
Category: Breach
Victim: Vantage Media AI
Industry: Data Analytics / Marketing
Sites: vantagemediacorp.com, vantagemedia.ai
Threat actor claims to have breached Vantage Media AI's MongoDB server on March 27, 2026.
Data contains: 381 GB of personal data totaling 628 million+ unique emails, 51 million+ phone numbers, 139 million+ address records, 180 million+ personal profiles, 31.4 million+ unique IPs, 59 million+ DOB records, and 11.9 million+ company records. Data fields include full name, full address, job title, industry, LinkedIn URL, gender, politics, religion, IP address, DOB, email, and phone.
The actor states numerous attempts to contact the company were unsuccessful. Priced at $15,000 as a single purchase.
⚠️ FBI Watchdog - DNS Change (A) ⚠️
DarkWebInformer.com - Cyber Threat Intelligence
Domain: handala-hack.tw
Record Type: DNS Change (A)
Time Detected: 2026-04-01 06:52:59 UTC
Previous Records:
144.31.107.15
New Records:
38.54.84.75
⚠️ FBI Watchdog - IP Change (hosting migration) ⚠️
DarkWebInformer.com - Cyber Threat Intelligence
Domain: handala-hack.tw
Record Type: IP Change (hosting migration)
Time Detected: 2026-04-01 06:55:52 UTC
Previous Records:
A: 144.31.107.15
AAAA:
New Records:
A: 144.31.107.15 → 38.54.84.75
Classification: Complete IP replacement - likely hosting migration