Threat Intel · Live Feed

What we're seeing right now.

Daily threat intelligence sourced by Beralock analysts across surface, deep, and dark web — published the same day we surface it. Use the filters to focus on what matters to you.

DARK WEBJun 3, 2026·4 min read

Hazecash.com Financial Services Platform Leak — 1M+ Credentials

Threat actor "Cryptix" posted a 24.3MB CSV dump from Hazecash.com, a global financial services and online payment platform, on Dark Web. The dataset exceeds 1 million records and includes usernames, email addresses, passwords, and IP addresses — a critical credential exposure event for a financial platform with global user base.

Read full intel →
RANSOMWARE09:45 AM UTC

LockBit Claims New Manufacturing Sector Victim — 240GB Listed for Auction

Intelligence collected from LockBit's dark web blog indicates a new victim in the manufacturing sector with 240GB of sensitive engineering documents and contracts listed for sale with a 72-hour auction window. The listing includes proof files naming the organization.

Read more →
DARK WEB04:04 AM UTC

Curious12 & Supply Chain Data Breach

A threat actor known as "xxf" posted a database breach on Dark Web claiming to have compromised Curious12.com, a UK-based creative agency that manages infrastructure for multiple client organizations across North East England. The breach appears to be a supply chain attack exposing educational institutions, cultural organizations, and community projects simultaneously.

Read more →
DARK WEB06:27 PM UTC

carsworld.id Indonesia Automotive Marketplace

Threat actor "Cryptix" posted a full database dump of carsworld.id, an Indonesian automotive services marketplace, on Dark Web. The 2.88MB SQL dump covers 213,303 merchant records including business contact details, GPS coordinates, operating hours, workshop owner credentials, and active session data — enabling both account takeover and physical targeting.

Read more →
DARK WEB12:50 PM UTC

341K Indonesian National Police (POLRI) Database Leak

A threat actor operating as "V0idix" leaked 341,000 records from the Indonesian National Police (POLRI) on DarkForums, claiming the release was politically motivated following their alleged arrest. The dataset contains active-duty officer PII including rank, unit, phone numbers, and email addresses across multiple provinces.

Read more →
DARK WEB07:01 AM UTC

gnkdinamo.hr Leak — 56,182 Users

06-01-2026, 07:02 PM — gnkdinamo.hr leak. 56,182 user records in JSON format. Data includes OIB (Croatian personal ID), first name, last name, birth date, email, phone, address, and city.

Read more →
DARK WEB02:13 PM UTC

ChilledSites.com Web3 AI Platform Data Leak — 1K Records

Threat actor "yeblan" posted a 1,000-record dataset from ChilledSites.com, a Web3 AI platform, on Dark Web. The leak includes email addresses, cryptocurrency wallet addresses, Telegram handles, and WhatsApp numbers — a high-value combination for targeted crypto fraud and social engineering.

Read more →
RANSOMWARE12:48 PM UTC

Aman Resorts aman.com Salesforce Data Leak — 215K Users

Prolific threat group ShinyHunters has posted a 507,078-row Salesforce dataset from luxury hospitality brand Aman Resorts (aman.com), covering 215,000 users. The JSONL-format dump contains personally identifiable information of Aman's ultra-high-net-worth global clientele — one of the most sensitive hospitality datasets to emerge in 2026.

Read more →