‼️🇸🇦 Saudi Arabia's Chamber of Commerce allegedly had ~478,000 active business contact records put up for sale on a popular cybercrime forum.
Threat Actor: gtaviispeak
Category: Breach
Victim: Saudi Chamber of Commerce
Industry: Government / Business
Site: chamber.sa
The dataset is organized across three sections.
Contacts include full name, company name, email, phone, mobile, address, DOB, gender, membership status, account tier, preferred language, time zone, and country.
Member Categories contain classifications for chamber members including category ID, sector, position, active status, and timestamps.
Member Access Logs cover website access and system usage records including IP addresses, log entries, and passwords.
Threat Actor: gtaviispeak
Category: Breach
Victim: Saudi Chamber of Commerce
Industry: Government / Business
Site: chamber.sa
The dataset is organized across three sections.
Contacts include full name, company name, email, phone, mobile, address, DOB, gender, membership status, account tier, preferred language, time zone, and country.
Member Categories contain classifications for chamber members including category ID, sector, position, active status, and timestamps.
Member Access Logs cover website access and system usage records including IP addresses, log entries, and passwords.
💥 Two last updates for the threat feed this week, Telegram claims will no longer show duplicates. Example... Hacktivist group does a DDoS on multiple domains within their claim post, the post will only show once going forward instead of spamming the feed with claims for each individual domain.
Also, all forum posts going forward should properly show segmented screenshots with no missing data if the post is long. It will never miss anything in the TAs original post.
Also, all forum posts going forward should properly show segmented screenshots with no missing data if the post is long. It will never miss anything in the TAs original post.
‼️Success.Events, a sister site of the previously twice-breached Success.com, has allegedly suffered a data breach with its database dumped on a popular cybercrime forum.
Threat Actor: punk
Category: Breach
Victim: Success.Events
Industry: Personal Development / Events
Site: success.events
In April 2026, the personal development and event newsletter platform suffered a breach exposing over 53,000 unique users.
Compromised data includes ID, event type, resend email ID, recipient email, campaign ID, metadata, sender/recipient info, open tracking (IP address, timestamp, user agent), email headers, subject, email ID, and broadcast ID.
Threat Actor: punk
Category: Breach
Victim: Success.Events
Industry: Personal Development / Events
Site: success.events
In April 2026, the personal development and event newsletter platform suffered a breach exposing over 53,000 unique users.
Compromised data includes ID, event type, resend email ID, recipient email, campaign ID, metadata, sender/recipient info, open tracking (IP address, timestamp, user agent), email headers, subject, email ID, and broadcast ID.
‼️ New Ransomware Group: Krybit
krybitxdpxohsmjooeb3gbgpmdddreh6mnflzac6bnezz74b7yje67yd[.]onion
krybitx3fh5krdnhegyp2ob3lhizsaiadturtio3ginf7it5gsdgu2yd[.]onion
krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd[.]onion
krybitxdpxohsmjooeb3gbgpmdddreh6mnflzac6bnezz74b7yje67yd[.]onion
krybitx3fh5krdnhegyp2ob3lhizsaiadturtio3ginf7it5gsdgu2yd[.]onion
krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd[.]onion
🔥1
‼️ The European Union's cybersecurity agency announced Thursday that a cyberattack and subsequent data compromise targeting the EU's executive branch had been attributed to a cybercriminal organization called TeamPCP @pcpcats.
https://techcrunch.com/2026/04/03/europes-cyber-agency-blames-hacking-gangs-for-massive-data-breach-and-leak/
https://techcrunch.com/2026/04/03/europes-cyber-agency-blames-hacking-gangs-for-massive-data-breach-and-leak/
TechCrunch
Europe’s cyber agency blames hacking gangs for massive data breach and leak | TechCrunch
CERT-EU blamed the cybercrime group TeamPCP for the recent hack on the European Commission, and said the notorious ShinyHunters gang was responsible for leaking the stolen data online.
‼️ The HypurrFi domain was compromised several hours ago. The HypurrFi team was able to regain control of the affected domain via their registrar. If you use their domain, you need to read below.
https://x.com/HypurrFi/status/2040186175483416995
https://x.com/HypurrFi/status/2040186175483416995
X (formerly Twitter)
HypurrFi (@HypurrFi) on X
Update:
We have regained control of the hypurr (dot) fi domain via our registrar.
It will take some time for the new DNS to propagate (could be up to 24 hours for some). As of the moment, it is still resolving to the attacker. Do not use hypurr (dot) fi.…
We have regained control of the hypurr (dot) fi domain via our registrar.
It will take some time for the new DNS to propagate (could be up to 24 hours for some). As of the moment, it is still resolving to the attacker. Do not use hypurr (dot) fi.…
‼️The Gentlemen Ransomware is threatening an unknown company.
▪️1900 NDA Files
▪️All confluence
▪️Jira
▪️Nexus
▪️Source code of plugins
▪️More
▪️1900 NDA Files
▪️All confluence
▪️Jira
▪️Nexus
▪️Source code of plugins
▪️More
‼️ I have posted about this tool before, but this is a new forum post.
A threat actor advertising NFC RIPPER, an Android toolkit for conducting NFC relay attacks against payment terminals and ATMs.
The tool enables PIN bypass through multiple methods and allows remote card emulation for fraudulent transactions.
A threat actor advertising NFC RIPPER, an Android toolkit for conducting NFC relay attacks against payment terminals and ATMs.
The tool enables PIN bypass through multiple methods and allows remote card emulation for fraudulent transactions.
‼️🇷🇺 Forum IP Leak
▪️Forum: Rehub
▪️IP: 5[.]175[.]247[.]131
▪️Ports: 22, 25
▪️ASN: 213501
Onion:
▪️http://rehubg7wpn5vuwttbzqrzm5epq6ta5mqm6cbfpn7wtukaskzte3ehcyd[.]onion
Clearnet:
▪️rehubcom[.]ag
▪️rehubcom[.]io
▪️Damagelab[.]in
▪️Forum: Rehub
▪️IP: 5[.]175[.]247[.]131
▪️Ports: 22, 25
▪️ASN: 213501
Onion:
▪️http://rehubg7wpn5vuwttbzqrzm5epq6ta5mqm6cbfpn7wtukaskzte3ehcyd[.]onion
Clearnet:
▪️rehubcom[.]ag
▪️rehubcom[.]io
▪️Damagelab[.]in
🔥2😭2❤1
‼️🇨🇱 Zyght, a HSE (Health, Safety & Environment) software platform, has allegedly been breached with 6.1TB of data put up for sale on a popular cybercrime forum.
Threat Actor: igotafeeling
Category: Breach
Victim: Zyght
Industry: HSE Software
Site: zyght.com
The threat actor claims to have obtained 6.1TB of customer uploads and the full source code for Zyght's HSE software. The company was allegedly aware of the breach for weeks and did not resolve it privately.
Affected companies include major corporations such as: Codelco, Nestlé, Mutual de Seguridad CChC, Chilquinta Energía, SQM, Glencore, EcoMetales, Trafigura, Albemarle, SAAM, GHL Hoteles, Fénix Power Perú, Banco de Chile, Grupo México, Falabella, Fresnillo plc, Industrias Peñoles, ASARCO, Goldfields, and many more across mining, energy, banking, and retail sectors.
Exposed data includes worker PII and medical records, incident/accident files, identity documents, training and competency records, site security info, environmental compliance, audit and legal documents, and PPE/asset records.
Customer buckets listed include: Codelco (769.4GB), gssodet (629.1GB), Codelco-prepro (475.6GB), gsoch (283.4GB), Mutual (281.0GB), Chilquinta (232.1GB), Nestlé (201.9GB), SQM (191.9GB), Disal (163.5GB), and Goldfields (145.6GB), among others.
The data will be sold strictly once after a one-week deadline (April 10 GMT-3), giving affected companies a chance to reach out first, per the actor.
Threat Actor: igotafeeling
Category: Breach
Victim: Zyght
Industry: HSE Software
Site: zyght.com
The threat actor claims to have obtained 6.1TB of customer uploads and the full source code for Zyght's HSE software. The company was allegedly aware of the breach for weeks and did not resolve it privately.
Affected companies include major corporations such as: Codelco, Nestlé, Mutual de Seguridad CChC, Chilquinta Energía, SQM, Glencore, EcoMetales, Trafigura, Albemarle, SAAM, GHL Hoteles, Fénix Power Perú, Banco de Chile, Grupo México, Falabella, Fresnillo plc, Industrias Peñoles, ASARCO, Goldfields, and many more across mining, energy, banking, and retail sectors.
Exposed data includes worker PII and medical records, incident/accident files, identity documents, training and competency records, site security info, environmental compliance, audit and legal documents, and PPE/asset records.
Customer buckets listed include: Codelco (769.4GB), gssodet (629.1GB), Codelco-prepro (475.6GB), gsoch (283.4GB), Mutual (281.0GB), Chilquinta (232.1GB), Nestlé (201.9GB), SQM (191.9GB), Disal (163.5GB), and Goldfields (145.6GB), among others.
The data will be sold strictly once after a one-week deadline (April 10 GMT-3), giving affected companies a chance to reach out first, per the actor.