March 2026 Dark Web Breach Trends Report


This report is based on claims of data breaches and sales of initial access rights posted on deep web and dark web forums. Because of the nature of these sources, some of the information in the report cannot be fully verified as factual.

Major Issues


Multiple breach claims by ShinyHunters. A wide range of targets was reported, spanning global organizations and EU agencies, including Hall, Zen, Wof, Aur, and European *. ShinyHunters threatened to compromise the BreachForums v5 database, highlighting the potential for secondary victimization of the forum’s entire user base.
Military, intelligence, and government-related high-risk breaches increased significantly. National security-linked data, including U.S. Air operational logs, Israeli M agent and military data, and Qatari * data, was exchanged, increasing the potential for national security and human harm.
Re-sharing of South Korea-related data and trading of initial access rights were confirmed. The internal source code, private keys, hard-coded credentials, and medical backup data stolen in November 2025 were reshared, and sales of E-Acc source code and government server root access rights were observed. Cases of selling lender customer data were also identified.
Distribution of malware tools and source code. Trades in Azury Infostealer and v20 Chromium-enabled Infostealer source code pose a credential theft threat. Sales of initial access rights and admin panels facilitate supply chain and public infrastructure penetration.
BreachForums ecosystem credibility erosion and geopolitical conflict-linked leaks coincided. The forum’s own breach, clone, and administrator account issues make it more difficult to verify claims.

Conclusion


The March 2026 trends are characterized by multinational data breaches, high-risk exposure of military and intelligence agency data, redistribution of key enterprise source code, commercialization of malware, and increased geopolitical threats. The recommended response for each organization is to monitor the dark web at all times, strengthen access control for source code and development environments, strengthen authentication systems such as multi-factor authentication, conduct geopolitical intelligence-based monitoring, and track leaked data over the long term.