#  @DarkWebInformer Dark Web Informer Several major cybersecurity incidents have been reported recently. A significant data breach allegedly involving [---] billion Discord messages from [--] million users has been claimed, and various companies, including Comcast, Boyd Gaming Corporation, and Stellantis, have confirmed data breaches or cybersecurity incidents. Additionally, law enforcement has seized several dark web marketplaces, including Archetyp and Tradeogre. ### Engagements: [-------] [#](/creator/twitter::1697387633247150081/interactions)  - [--] Week [-------] -16% - [--] Month [---------] +0.28% - [--] Months [----------] +32% - [--] Year [----------] -32% ### Mentions: [---] [#](/creator/twitter::1697387633247150081/posts_active)  - [--] Week [---] -24% - [--] Month [---] +47% - [--] Months [-----] +54% - [--] Year [-----] -1.90% ### Followers: [-------] [#](/creator/twitter::1697387633247150081/followers)  - [--] Week [-------] +1.30% - [--] Month [-------] +6.30% - [--] Months [-------] +25% - [--] Year [-------] +70% ### CreatorRank: [-------] [#](/creator/twitter::1697387633247150081/influencer_rank)  ### Social Influence **Social category influence** [technology brands](/list/technology-brands) 13.79% [countries](/list/countries) 12.32% [stocks](/list/stocks) 11.82% [finance](/list/finance) 7.88% [social networks](/list/social-networks) 5.91% [cryptocurrencies](/list/cryptocurrencies) 1.97% [travel destinations](/list/travel-destinations) 1.97% [celebrities](/list/celebrities) 0.99% [exchanges](/list/exchanges) 0.49% [gaming](/list/gaming) 0.49% **Social topic influence** [actor](/topic/actor) #92, [company](/topic/company) #779, [data](/topic/data) 3.94%, [shell](/topic/shell) #756, [to the](/topic/to-the) 3.45%, [step](/topic/step) #1136, [update](/topic/update) 2.96%, [telegram](/topic/telegram) 2.46%, [discord](/topic/discord) 2.46%, [$googl](/topic/$googl) 2.46% **Top accounts mentioned or mentioned by** [@noo_idcard](/creator/undefined) [@lakle1308](/creator/undefined) [@intcyberdigest](/creator/undefined) [@snagg](/creator/undefined) [@rxerium](/creator/undefined) [@securelayer7](/creator/undefined) [@fbiopenup](/creator/undefined) [@darkwebintelbot](/creator/undefined) [@okta](/creator/undefined) [@bleepingcomputer](/creator/undefined) [@quantumhacker](/creator/undefined) [@sharp4882fabypassonprivatebugbountyprogramduetocsrftokenmisconfiguration5a9c82151a1](/creator/undefined) [@club31337](/creator/undefined) [@bypandemonium](/creator/undefined) [@vinibarbosabr](/creator/undefined) [@chrizbreeze88](/creator/undefined) [@tmppbr](/creator/undefined) [@badvalla40301](/creator/undefined) [@_someone_els](/creator/undefined) [@mnovofastovsky](/creator/undefined) **Top assets mentioned** [Alphabet Inc Class A (GOOGL)](/topic/$googl) [Cloudflare, Inc. (NET)](/topic/cloudflare) [Microsoft Corp. (MSFT)](/topic/microsoft) [Ethereum (ETH)](/topic/ethereum) [CarMax, Inc (KMX)](/topic/carmax-inc) [Bumble Inc. (BMBL)](/topic/bumble-inc) [SolarWinds Corporation Common Stock (SWI)](/topic/$swi) ### Top Social Posts Top posts by engagements in the last [--] hours "π¨Alleged Data Breach of Hotel Regina Isabella 30K+ Guest Passport & ID Scans Industry: Hospitality / Luxury Resorts Threat Actor: mydocs Forum: DarkForums Network: Clearnet Dark Web Details: A threat actor is selling over [-----] high-resolution scans and photos of guest identity documents allegedly obtained from a private source linked to Hotel Regina Isabella a high-end resort located in Ischia Italy. The dataset includes a wide variety of global ID types and document formats. Leaked data includes: 30K+ guest identity document scans Document types: Passports (EU US Middle East) Italian ID" [X Link](https://x.com/DarkWebInformer/status/1952753161950617748) 2025-08-05T15:26Z 158.1K followers, [----] engagements "π¨ Simon Property Group has Fallen Victim to MEDUSA Ransomware π United States Industry: Real Estate / Retail Threat Actor: Unverified (Dark Web Listing) Network: Dark Web π§ A ransomware group has allegedly listed Simon Property Group as a victim of ransomware. The listing claims to include sensitive company data and employee information from the real estate investment trust (REIT) headquartered in Indianapolis Indiana. Simon Property Group owns and operates major U.S. retail and outlet centers including Premium Outlets and The Mills. https://twitter.com/i/web/status/1983565405743391027" [X Link](https://x.com/DarkWebInformer/status/1983565405743391027) 2025-10-29T16:03Z 158.4K followers, [----] engagements "π¨ New Ransomware Claims Posted Today Anubis Trumbull County Benzona CoinbaseCartel Renesas Electronics DataCarry Camomilla Dragonforce Jack Levine Precision Compounding Embargo Everest Benchmark Electronics Inc Handala From Shield to Shame Incransom Kazu CT Dent Ltd Lynx Trucash Nightspire Ermat Grup Nova ANG BROTHERS (M&E) PTE. LTD. (P3) qilin Canvas Church Diesel Electric Kasapreko Khazzan Logistics Towerstream UniqueTech Engineering Rhysida SODISE http://www.toc.co.jp http://www.mylawcompany.com http://bennett.edu https://twitter.com/i/web/status/1997442252587831655" [X Link](https://x.com/DarkWebInformer/status/1997442252587831655) 2025-12-06T23:05Z 158.2K followers, [----] engagements "π¨ Alleged Sale of Major Web3 Rewards Platform Database Affecting 467K Users" [X Link](https://x.com/DarkWebInformer/status/2003593149718098381) 2025-12-23T22:26Z 158K followers, [----] engagements "π¨ Threat actor selling 340GB of data allegedly obtained from impacting French energy and construction sector entities including EDF Power Plants and multiple Eiffage and Bouygues-related projects advertised on a dark web forum. π France Industry: Energy/Construction Type: Data Leak Threat Actor: Angel_Batista Samples: Yes Major companies affected: - lectricit de France SA (93.7 GB) - Data from EDF Power Plant including CRUAS GRAVELINES BUGEY ST LAURENT DAMPIERRE and TRICASTIN - Eiffage S.A. (153 GB) - Eiffage Construction/Energie/Genie Civil/Immobilier/Rail Additional companies (full list" [X Link](https://x.com/DarkWebInformer/status/2008199448082423927) 2026-01-05T15:30Z 158.3K followers, [----] engagements "Warren County Sheriffs Office has been claimed a victim to RansomHouse Ransomware" [X Link](https://x.com/DarkWebInformer/status/2014764376297795619) 2026-01-23T18:17Z 156.8K followers, [----] engagements "CISA has added [--] vulnerabilities to the KEV Catalog CVE-2024-37079: Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability CVE-2025-68645: Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability CVE-2025-34026: Versa Concerto Improper Authentication Vulnerability CVE-2025-31125: Vite Vitejs Improper Access Control Vulnerability CVE-2025-54313: Prettier eslint-config-prettier Embedded Malicious Code Vulnerability https://darkwebinformer.com/cisa-kev-catalog/ https://darkwebinformer.com/cisa-kev-catalog/ https://darkwebinformer.com/cisa-kev-catalog/" [X Link](https://x.com/DarkWebInformer/status/2014788225324232884) 2026-01-23T19:52Z 156.5K followers, [----] engagements "ShinyHunters Claims CarMax Inc. as a victim" [X Link](https://x.com/DarkWebInformer/status/2014862052670550082) 2026-01-24T00:45Z 157.9K followers, 38.8K engagements "I am no longer posting on LinkedIn. A short time ago I was logged out of my account and after logging back in it is requiring me to verify my identity by providing a government-issued ID. With that being said. I only now post on the following socials: X Infosec Exchange Telegram Discord. My last known follower account was 12.8K. π«‘ https://twitter.com/i/web/status/2016170657571062030 https://twitter.com/i/web/status/2016170657571062030" [X Link](https://x.com/DarkWebInformer/status/2016170657571062030) 2026-01-27T15:25Z 156.7K followers, 21.5K engagements "3000$ Bug Bounty Reward from Microsoft Forms: Reflected XSS Vulnerability Writeup: https://infosecwriteups.com/reflected-xss-leads-to-3-000-bug-bounty-rewards-from-microsoft-forms-efe34fc6b261 https://infosecwriteups.com/reflected-xss-leads-to-3-000-bug-bounty-rewards-from-microsoft-forms-efe34fc6b261" [X Link](https://x.com/DarkWebInformer/status/2016265251814056126) 2026-01-27T21:41Z 156.7K followers, 24K engagements "Cl0p Ransomware Claims [--] More Victims Nextphaze Etto Australia The Hale Road MRA Group Podiatry WA RMW Group Ventnor Y Architecture Studio Roberts Designs Sky Excavations Whole IT" [X Link](https://x.com/DarkWebInformer/status/2016319622631293399) 2026-01-28T01:17Z 156.6K followers, [----] engagements "ShinyHunters Claims Match Group Data Leak: 10M Hinge Match & OkCupid Records and Internal Documents Exposed (1.7GB)" [X Link](https://x.com/DarkWebInformer/status/2016341604706005079) 2026-01-28T02:44Z 157.3K followers, [----] engagements "β Sorb claims to sell 897K Cuban student records from Ministry of Higher Education including ID cards political affiliation military details and parents' information" [X Link](https://x.com/DarkWebInformer/status/2016549060979675230) 2026-01-28T16:28Z 157.9K followers, [----] engagements "Bumble Inc has been claimed a victim to ShinyHunters Files primarily from Google Drive and Slack [--] GB (Compressed)" [X Link](https://x.com/DarkWebInformer/status/2016611539650846928) 2026-01-28T20:37Z 158.4K followers, [----] engagements "Leaking the phone number of any Google user ($5k bounty) This vulnerability was submitted to Google's VRP program and awarded a $5000 bounty. It has since been patched. Writeup: https://brutecat.com/articles/leaking-google-phones https://brutecat.com/articles/leaking-google-phones" [X Link](https://x.com/DarkWebInformer/status/2016626991697440947) 2026-01-28T21:38Z 156.7K followers, 97.3K engagements "RAMP4u admin panel user list and messages allegedly up for sale after being seized yesterday by law enforcement" [X Link](https://x.com/DarkWebInformer/status/2016901718387093966) 2026-01-29T15:50Z 156.7K followers, 16.7K engagements "Threat Actor "ally549" is Allegedly Selling Fresh [----] SSN+DOB+DL Fullz Data Covering USA UK and Canada with Over [---] Million Records" [X Link](https://x.com/DarkWebInformer/status/2016933487975006587) 2026-01-29T17:56Z 156.5K followers, 11.1K engagements "SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551 CVE-2025-40552 CVE-2025-40553 CVE-2025-40554 CVSS: All [---] CVEs Published: January 28th [----] CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution which would allow an attacker to run commands on the host machine. This could be exploited without authentication. CVE-2025-40552: SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited would allow a" [X Link](https://x.com/DarkWebInformer/status/2016936977430695962) 2026-01-29T18:10Z 156.7K followers, [----] engagements "Advisories: https://nvd.nist.gov/vuln/detail/CVE-2025-40554 https://nvd.nist.gov/vuln/detail/CVE-2025-40553 https://nvd.nist.gov/vuln/detail/CVE-2025-40552 https://nvd.nist.gov/vuln/detail/CVE-2025-40551 https://nvd.nist.gov/vuln/detail/CVE-2025-40554 https://nvd.nist.gov/vuln/detail/CVE-2025-40553 https://nvd.nist.gov/vuln/detail/CVE-2025-40552 https://nvd.nist.gov/vuln/detail/CVE-2025-40551" [X Link](https://x.com/DarkWebInformer/status/2016936980236374065) 2026-01-29T18:10Z 156.6K followers, [----] engagements "Why Hackers Get Caught (Bad OPSEC)" [X Link](https://x.com/DarkWebInformer/status/2016943276880707793) 2026-01-29T18:35Z 157.3K followers, 10.1K engagements "CVE-2026-1056: Snow Monkey Forms = 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal PoC/Exploit: CVSS: [---] CVE Published: January 28th [----] Advisory: https://github.com/advisories/GHSA-g5p3-f4cq-94v5 https://github.com/ch4r0nn/CVE-2026-1056-POC https://github.com/advisories/GHSA-g5p3-f4cq-94v5 https://github.com/ch4r0nn/CVE-2026-1056-POC" [X Link](https://x.com/DarkWebInformer/status/2016983549568577803) 2026-01-29T21:15Z 156.5K followers, [----] engagements "A XSS vulnerability took control of BreachForums about an hour and a half ago. It has since been fixed. Credit: Nicotine" [X Link](https://x.com/DarkWebInformer/status/2016989516603539786) 2026-01-29T21:39Z 157.4K followers, 48.5K engagements "β A threat actor known as "butcher" is auctioning [---] US credit cards (38 credit/62 debit) allegedly obtained via phishing with a starting bid of $800 and a flash price of $1200 claiming 85-95% validity" [X Link](https://x.com/DarkWebInformer/status/2017040659345973297) 2026-01-30T01:02Z 158.5K followers, [----] engagements "John (Lick) launched a Discord Wumpus-themed token that spiked to roughly a $3 million market cap. Insiders quickly dumped their holdings collectively pocketing over $200k in profits. John rug pulled his community & then deleted his Telegram account https://solscan.io/account/GkkvqnXsiZTsYpX9vRikgRKMdPXauDTj3gt14yJAVgb2 https://solscan.io/account/GkkvqnXsiZTsYpX9vRikgRKMdPXauDTj3gt14yJAVgb2" [X Link](https://x.com/DarkWebInformer/status/2017291120657502633) 2026-01-30T17:37Z 158.3K followers, 28.7K engagements "β GoodL7 PROOF targeted the website of Petroleum Authority of Brunei Darussalam" [X Link](https://x.com/DarkWebInformer/status/2017305351100457140) 2026-01-30T18:34Z 157.7K followers, [----] engagements "β A threat actor has allegedly leaked data from Iberdrola a Spanish multinational energy company claiming [----] files were exfiltrated on May [--] [----] containing customer account details phone numbers DNI/NIF identification addresses IBAN numbers and service information. https://twitter.com/i/web/status/2017338728562242008 https://twitter.com/i/web/status/2017338728562242008" [X Link](https://x.com/DarkWebInformer/status/2017338728562242008) 2026-01-30T20:46Z 156.6K followers, [----] engagements "β More malware source code" [X Link](https://x.com/DarkWebInformer/status/2017398634917085393) 2026-01-31T00:44Z 157.4K followers, 28.8K engagements "Hearing a lot about Stopice.net having plate tracker images defaced and then the website being completely hacked all within the last [--] hours or so. I've attached images. This site is literally the weirdest fucking thing I've seen all year. This is some of the information I was able to gather. A lot of errors show up in the console when visiting the site the JS/CSS path is completely open among other things. It's definitely incredibly vulnerable. IP: 216.243.62.131 ASN: [-----] ASName: Wave Broadband Server: openresty cPanel: Webmail: /js/ /css/ Stop ICE Raids Alert Network: IP: 15.235.11.14" [X Link](https://x.com/DarkWebInformer/status/2017429870012141926) 2026-01-31T02:48Z 158.4K followers, 24.1K engagements "Not sure if sensitive or not since some tokens/keys are fine to be in the frontend (think Cloudflare turnstile). My secret finder found a Google API Key in this Stopice.net site. I'm not a Google nerd obviously so maybe someone would know. If so. yikes. π€·β Hearing a lot about Stopice.net having plate tracker images defaced and then the website being completely hacked all within the last [--] hours or so. I've attached images. This site is literally the weirdest fucking thing I've seen all year. This is some of the information I https://t.co/0VvxGIX3Ih Hearing a lot about Stopice.net having" [X Link](https://x.com/DarkWebInformer/status/2017656571895980419) 2026-01-31T17:49Z 158.4K followers, 12.7K engagements "The PoC CVE Explorer is coming along. There is obviously no way to verify almost 90K or so PoCs so I placed a disclaimer at the top. Also enriching with the details of the repo is kind of a pain. This is still likely available at the end of February at the earliest. No spot checks have been done yet either. https://twitter.com/i/web/status/2017666263745474919 https://twitter.com/i/web/status/2017666263745474919" [X Link](https://x.com/DarkWebInformer/status/2017666263745474919) 2026-01-31T18:28Z 157.4K followers, [----] engagements "@IntCyberDigest sup my guy @_snagg" [X Link](https://x.com/DarkWebInformer/status/2017765147293393098) 2026-02-01T01:01Z 157.5K followers, 30.9K engagements "CVE-2026-1281: Safe indicator check for Ivanti EPMM & CVE-2026-1340 related paths GitHub: https://github.com/Ashwesker/Ashwesker-CVE-2026-1281 https://github.com/Ashwesker/Ashwesker-CVE-2026-1281" [X Link](https://x.com/DarkWebInformer/status/2018070295572107601) 2026-02-01T21:13Z 156.6K followers, [----] engagements "Polycom now by the name Poly Inc. has fallen victim to Everest Ransomware Allegedly [--] GB of data stolen Revenue: $1.73 Billion (FY 2021)" [X Link](https://x.com/DarkWebInformer/status/2018094563714302255) 2026-02-01T22:50Z 157.9K followers, [----] engagements "Iron Mountain has been claimed a victim to Everest Ransomware Iron Mountain is a large publicly traded information management firm generating around $6.6 billion in annual revenue" [X Link](https://x.com/DarkWebInformer/status/2018118246914785750) 2026-02-02T00:24Z 156.8K followers, [----] engagements "A threat actor is selling a hidden crypto contract checker tool built in Go for $15000 ($12000 for the first buyer) which scans EVM addresses across multiple networks including Ethereum BSC Polygon Arbitrum and Avalanche to identify contracts with hidden balances not detected by platforms like DeBank with lifetime updates and planned XMR Monero and Solana support. https://twitter.com/i/web/status/2018362829015781760 https://twitter.com/i/web/status/2018362829015781760" [X Link](https://x.com/DarkWebInformer/status/2018362829015781760) 2026-02-02T16:36Z 158.1K followers, 31.8K engagements "AutoPentestX - Linux Automated Pentesting & Vulnerability Reporting Tool GitHub: https://github.com/Gowtham-Darkseid/AutoPentestX https://github.com/Gowtham-Darkseid/AutoPentestX" [X Link](https://x.com/DarkWebInformer/status/2018388181960347886) 2026-02-02T18:16Z 158.4K followers, 38.2K engagements "rxerium-templates: Nuclei scripts created by @rxerium for zero days / actively exploited vulnerabilities. GitHub: Vouch. I have posted a lot of his repos in the past. https://github.com/rxerium/rxerium-templates https://github.com/rxerium/rxerium-templates" [X Link](https://x.com/DarkWebInformer/status/2018413232461934785) 2026-02-02T19:56Z 157.9K followers, [----] engagements "It's not often I see an .onion to a hacktivist group but here we are. π Onion: http://zwziyr6hbbqmtm7x5peu4dxyrm6wqvw7sdulvcgwcs2yvbx77cjesaad.onion" [X Link](https://x.com/DarkWebInformer/status/2018443530776232343) 2026-02-02T21:56Z 156.6K followers, [----] engagements "β A threat actor is selling a full database leak from HIMS University in Egypt containing [-----] records across multiple files. The exposed data includes student PII with plaintext passwords Fawry and Banque Misr payment transaction logs Mastercard/Banque Misr payment gateway API credentials and detailed staff bank account information. The asking price starts at $250 in Monero. https://twitter.com/i/web/status/2018712420252897719 https://twitter.com/i/web/status/2018712420252897719" [X Link](https://x.com/DarkWebInformer/status/2018712420252897719) 2026-02-03T15:45Z 157.3K followers, [----] engagements "A threat actor has leaked a citizen database from the Dominican Republic containing [---] million SQL records and [---] million citizen photos. The exposed data includes cedula numbers names civil status dates of birth sex birthplace blood type and occupation" [X Link](https://x.com/DarkWebInformer/status/2018716241578316181) 2026-02-03T16:00Z 157.7K followers, [----] engagements "Confidential military data from SEKISUI Aerospace Corporation a Tier [--] supplier for Boeing 737/787 programs and U.S. military contracts is allegedly being sold for $200000. The [--] GB package reportedly contains ITAR/export-controlled engineering drawings STEP and CATIA files bills of materials with Boeing part numbers tooling and fixture data and 3D assembly models tied to programs for Boeing Commercial Boeing Defense NASA Lockheed Martin and Northrop Grumman. https://twitter.com/i/web/status/2018719471364403300 https://twitter.com/i/web/status/2018719471364403300" [X Link](https://x.com/DarkWebInformer/status/2018719471364403300) 2026-02-03T16:13Z 158.5K followers, [----] engagements "OpenClaw on FOFA: FOFA: FOFA Query: app="OpenClaw" [-----] results https://en.fofa.info/resultqbase64=YXBwPSJPcGVuQ2xhdyI%3D OpenClaw also known by Moltbot and ClawdBot recently patched a 1-Click RCE via Authentication Token Exfiltration From gatewayUrl CVSS: [---] Advisory: https://t.co/bDatxBUqfx Writeup: https://t.co/ohB3Zhw0fp All versions up to v2026.1.24-1 are vulnerable. Video: Ethiack https://t.co/DlzusBK2NG https://en.fofa.info/resultqbase64=YXBwPSJPcGVuQ2xhdyI%3D OpenClaw also known by Moltbot and ClawdBot recently patched a 1-Click RCE via Authentication Token Exfiltration From" [X Link](https://x.com/DarkWebInformer/status/2018738518315483385) 2026-02-03T17:29Z 157.9K followers, [----] engagements "β Firewall and network admin panel access to a Chinese finance organization is being sold for $300. The listing claims root RCE plus shell access on a Linux-based firewall device. The seller a known initial access broker is accepting contact through Session" [X Link](https://x.com/DarkWebInformer/status/2018762621034340377) 2026-02-03T19:04Z 158.3K followers, [----] engagements "CISA has added [--] vulnerabilities to the KEV Catalog CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability https://darkwebinformer.com/cisa-kev-catalog/ https://darkwebinformer.com/cisa-kev-catalog/" [X Link](https://x.com/DarkWebInformer/status/2018771462761443359) 2026-02-03T19:39Z 158K followers, [----] engagements "CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability https://x.com/DarkWebInformer/status/2016936977430695962 SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551 CVE-2025-40552 CVE-2025-40553 CVE-2025-40554 CVSS: All [---] CVEs Published: January 28th [----] CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data https://t.co/sLpMXScxsC https://x.com/DarkWebInformer/status/2016936977430695962 SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551 CVE-2025-40552" [X Link](https://x.com/DarkWebInformer/status/2018771709164191796) 2026-02-03T19:40Z 157.9K followers, [----] engagements "β Data from "Choisir le service public" the French government's official public sector job portal is allegedly being sold. The listing claims to contain records of [------] job seekers with proof screenshots showing candidate profiles including personal details emails phone numbers and application history. https://twitter.com/i/web/status/2018790474115613160 https://twitter.com/i/web/status/2018790474115613160" [X Link](https://x.com/DarkWebInformer/status/2018790474115613160) 2026-02-03T20:55Z 158.3K followers, [----] engagements ".cz BreachForums is at war with .bf BreachForums and looks like .cz got the .bf clearnet domain suspended. It's currently down. The small screenshot is small because it requires an account to sign in to look at the large snap but I don't have an account yet. It does look legit" [X Link](https://x.com/DarkWebInformer/status/2018852252673577084) 2026-02-04T01:01Z 157.3K followers, 24K engagements "Apparently someone is logged into Jeffrey Epstein's Outlook account via Reddit. https://www.reddit.com/r/Epstein/comments/1qv3ue6/im_in_epstiens_outlook_what_should_i_look_for/ https://www.reddit.com/r/Epstein/comments/1qv1uo2/did_i_find_something/ Someone just logged into Epsteins Outlook account. The password was in the Epstein files. https://t.co/zmntv2QlrY https://www.reddit.com/r/Epstein/comments/1qv3ue6/im_in_epstiens_outlook_what_should_i_look_for/ https://www.reddit.com/r/Epstein/comments/1qv1uo2/did_i_find_something/ Someone just logged into Epsteins Outlook account. The password was" [X Link](https://x.com/DarkWebInformer/status/2018854655485489344) 2026-02-04T01:10Z 157.8K followers, 28.3K engagements "A threat actor has posted three separate listings: China Union Pay: [---] million rows of deduplicated cardholder data allegedly from China UnionPay including phone numbers names national IDs provinces carrier info and dates of birth. Crypto Currency Bundle: A [---] GB compilation of [----] million records spanning dozens of major crypto platforms including Coinbase Binance KuCoin Poloniex Bitfinex and Paxful containing combo credentials email leads and phone-linked customer data. Hong Kong Stock Investment: [------] unique rows allegedly from KGI Asia's platform containing emails phone numbers stock" [X Link](https://x.com/DarkWebInformer/status/2019109025795735714) 2026-02-04T18:01Z 156.8K followers, [----] engagements "Your "dark web monitoring" service needs your SSN name and personal details just to watch for leaks. Think about that. Dark Web Informer doesn't need any of that. Sign up with an email choose your tier and start seeing threat actor activity as it happens. That's it. http://darkwebinformer.com http://darkwebinformer.com" [X Link](https://x.com/DarkWebInformer/status/2019109028350116336) 2026-02-04T18:01Z 156.7K followers, [----] engagements "Two French educational institutions allegedly breached. Lyce Notre-Dame des Dunes and Lyce Saint-Charles. The data has been posted freely for download. The group also claims to hold [--] TB of unreleased databases from across the French sector totaling [---] million records and is threatening further leaks. https://twitter.com/i/web/status/2019122243687547327 https://twitter.com/i/web/status/2019122243687547327" [X Link](https://x.com/DarkWebInformer/status/2019122243687547327) 2026-02-04T18:53Z 158.3K followers, [----] engagements "Threat feed will be down for the next [--] minutes for an update. Will update once back up" [X Link](https://x.com/DarkWebInformer/status/2019133067215138922) 2026-02-04T19:36Z 156.7K followers, [----] engagements "OK it's back up. There was a memory leak that should be resolved now. If the feed showed that it failed to load randomly that was the issue. I am monitoring and will adjust if needed. Threat feed will be down for the next [--] minutes for an update. Will update once back up. Threat feed will be down for the next [--] minutes for an update. Will update once back up" [X Link](https://x.com/DarkWebInformer/status/2019137106422157596) 2026-02-04T19:52Z 156.7K followers, [----] engagements "A large collection of email-only crypto databases is being offered for sale covering U.S. and mixed geographies from [--------]. The actor is providing a list of available databases and samples with purchases handled via Telegram on a per-database basis" [X Link](https://x.com/DarkWebInformer/status/2019138206302941527) 2026-02-04T19:57Z 156.8K followers, [----] engagements "TLDFinder: A streamlined tool for discovering private TLDs for security research. GitHub: TLD based DNS lookups (Passive) TLD based DNS lookups (Active) STD IN/OUT and TXT/JSON output https://github.com/projectdiscovery/tldfinder https://github.com/projectdiscovery/tldfinder" [X Link](https://x.com/DarkWebInformer/status/2019140941668577729) 2026-02-04T20:08Z 157.9K followers, [----] engagements "PLAY Ransomware claims [--] victims Woodfield CBH Homes ISTS" [X Link](https://x.com/DarkWebInformer/status/2019148727316017302) 2026-02-04T20:39Z 156.5K followers, [----] engagements "A data set for GiftOnCard a Serbia-based gift card platform is being sold with the seller claiming to still have active access. The leak includes [------] web user records with passwords [------] card registration entries and [---] million gift card records containing detailed cardholder PII transaction data and loyalty program information. https://twitter.com/i/web/status/2019151522915930436 https://twitter.com/i/web/status/2019151522915930436" [X Link](https://x.com/DarkWebInformer/status/2019151522915930436) 2026-02-04T20:50Z 156.7K followers, [----] engagements "CVE-2026-25049: N8n AI Workflow Remote Code Execution "This vulnerability allows an attacker to execute arbitrary system commands through misconfigured or insecure AI workflow execution paths. When chained correctly it can lead to full server compromise depending on deployment configuration." https://twitter.com/i/web/status/2019159982940516686 https://twitter.com/i/web/status/2019159982940516686" [X Link](https://x.com/DarkWebInformer/status/2019159982940516686) 2026-02-04T21:23Z 156.7K followers, [----] engagements "Video Credit: http://youtube.com/@SecureLayer7 http://youtube.com/@SecureLayer7" [X Link](https://x.com/DarkWebInformer/status/2019159984928432454) 2026-02-04T21:23Z 156.6K followers, [----] engagements "Just a reminder I am no longer posting on LinkedIn see below. I currently only post on the following socials: X Infosec Exchange Telegram Discord. I am no longer posting on LinkedIn. A short time ago I was logged out of my account and after logging back in it is requiring me to verify my identity by providing a government-issued ID. With that being said. I only now post on the following socials: X Infosec Exchange https://t.co/uib5AuBe35 I am no longer posting on LinkedIn. A short time ago I was logged out of my account and after logging back in it is requiring me to verify my identity by" [X Link](https://x.com/DarkWebInformer/status/2019165840189338098) 2026-02-04T21:47Z 156.6K followers, [----] engagements "A known initial access broker is selling firewall and network admin panel access to three government entities: Thailand Government-Owned Visa Program: Root RCE + shell access on a Linux firewall priced at $300. Palestinian Government Agency (Foreign Aid Portal): Same level of access on a Linux firewall priced at $400. Indonesian Government Land Authority: Root RCE + shell + network admin panel on a Linux firewall priced at $300. https://twitter.com/i/web/status/2019169038232944887 https://twitter.com/i/web/status/2019169038232944887" [X Link](https://x.com/DarkWebInformer/status/2019169038232944887) 2026-02-04T21:59Z 158.4K followers, 10.8K engagements "Ransomware Attack Update - February 4th [----] https://darkwebinformer.com/ransomware-attack-update-february-4th-2026/ https://darkwebinformer.com/ransomware-attack-update-february-4th-2026/" [X Link](https://x.com/DarkWebInformer/status/2019174569676792283) 2026-02-04T22:21Z 156.7K followers, [----] engagements "Threat Attack Update - February 4th [----] https://darkwebinformer.com/threat-attack-update-february-4th-2026/ https://darkwebinformer.com/threat-attack-update-february-4th-2026/" [X Link](https://x.com/DarkWebInformer/status/2019175699865596092) 2026-02-04T22:26Z 156.7K followers, [----] engagements "Daily Dose of Dark Web Informer - February 4th [----] https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-4th-2026/ https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-4th-2026/" [X Link](https://x.com/DarkWebInformer/status/2019178897472893140) 2026-02-04T22:38Z 156.7K followers, [----] engagements ".cz BreachForums was briefly defaced by what looks like a XSS vuln in XenForo. XenForo is a popular forum platform that I have seen used by a lot of actors most of which I have identified in my Threat-Surface repo on GitHub. Credit to antisocial for sending the video" [X Link](https://x.com/DarkWebInformer/status/2019186220891533608) 2026-02-04T23:08Z 158.2K followers, 15.8K engagements "Seems the war is far from over" [X Link](https://x.com/DarkWebInformer/status/2019186223416246731) 2026-02-04T23:08Z 157.3K followers, [----] engagements "Guardia Civil Dismantled a Bank Mule Network in La Rioja Under Operation Vicentius Spain's Guardia Civil has identified [--] suspects linked to fraud money laundering and unauthorized access to computer systems. The group allegedly operated fake cryptocurrency investment platforms and used remote access software to drain victims' bank accounts and take out loans in their names causing an estimated [------] in total losses. Stolen funds were funneled to accounts in Denmark Lithuania the United Kingdom and China. The investigation remains ongoing as authorities work to trace and recover the money." [X Link](https://x.com/DarkWebInformer/status/2019426902675427404) 2026-02-05T15:04Z 156.7K followers, [----] engagements "WordPress admin and shell access to a UK-based online shop is being auctioned. The store processes payments via Stripe iframe with roughly [---] orders across the last three months and a 70% unique order rate. The auction starts at $700 with a blitz price of $1500" [X Link](https://x.com/DarkWebInformer/status/2019433499380568574) 2026-02-05T15:30Z 157.9K followers, [----] engagements "Incognito Market Owner "Pharaoh" Sentenced to [--] Years for Running $105M Dark Web Drug Empire Rui-Siang Lin a 24-year-old Taiwanese national who operated under the pseudonym "Pharaoh" was sentenced to [--] years in federal prison on February [--] [----] for running Incognito Market one of the largest dark web narcotics marketplaces ever created. The platform which operated from October [----] until its closure in March [----] facilitated over [------] drug transactions totaling more than $105 million in sales. Its inventory included over [----] kilograms each of cocaine and methamphetamine along with" [X Link](https://x.com/DarkWebInformer/status/2019448598413603166) 2026-02-05T16:30Z 158K followers, 22.3K engagements "β Order data from Family Cinema a French movie theater chain is allegedly being sold totaling [------] orders from [-----] unique customers spanning [----] to [----]. The exposed records include emails phone numbers full addresses dates of birth IP addresses payment details and detailed ticket purchase history including film titles and showtime information. A 1000-line sample has been posted freely. https://twitter.com/i/web/status/2019463428323045804 https://twitter.com/i/web/status/2019463428323045804" [X Link](https://x.com/DarkWebInformer/status/2019463428323045804) 2026-02-05T17:29Z 156.7K followers, [----] engagements "Two French organizations have allegedly been breached by the same threat actor: Fdration Franaise de la Randonne Pdestre: Data from [------] members of France's national hiking federation is for sale containing [------] unique emails and [------] unique phone numbers from [--------] license holders. CCAS Dunkerque: Records of [-----] individuals receiving social assistance from the Community Center for Social Action in Dunkerque including [-----] unique phone numbers and [-----] unique emails. The data includes family groupings and welfare recipient details." [X Link](https://x.com/DarkWebInformer/status/2019479263523549262) 2026-02-05T18:32Z 156.7K followers, [----] engagements "@fbi__open__up He will serve [--] years of supervised release when he serves his prison sentence. "In addition to the prison term LIN [--] of Taiwan was sentenced to five years of supervised release and $105045109.67 in forfeiture." https://www.justice.gov/usao-sdny/pr/incognito-market-owner-sentenced-30-years-operating-one-worlds-largest-online https://www.justice.gov/usao-sdny/pr/incognito-market-owner-sentenced-30-years-operating-one-worlds-largest-online" [X Link](https://x.com/DarkWebInformer/status/2019480785061851142) 2026-02-05T18:38Z 156.5K followers, [---] engagements "CISA has added two vulnerabilities to the KEV Catalog CVE-2026-24423: SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability: SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution. CVE-2025-11953: React Native Community CLI OS Command Injection Vulnerability: React Native Community CLI contains an OS command injection" [X Link](https://x.com/DarkWebInformer/status/2019508092392894726) 2026-02-05T20:27Z 156.7K followers, [----] engagements "βLeakBase has been down for about two days now. The last two times the site went offline it remained down for a week or two. Theres no information on any new domains or updates and no recent news regarding the site. It is however hosted by the notorious Njalla" [X Link](https://x.com/DarkWebInformer/status/2019558700424544443) 2026-02-05T23:48Z 157.6K followers, [----] engagements "A dataset of [-----] cryptocurrency leads is being sold for $5000 with only one copy available. The data allegedly collected from advertising campaigns includes [-----] unique phone numbers and [-----] unique emails spanning multiple countries including Australia UK Canada France and over [--] others. Records contain names contact details registration dates and country information. https://twitter.com/i/web/status/2019798289630081182 https://twitter.com/i/web/status/2019798289630081182" [X Link](https://x.com/DarkWebInformer/status/2019798289630081182) 2026-02-06T15:40Z 158.1K followers, [----] engagements "Network access to a U.S. retail and supply chain management company with $1.5M+ in revenue is being sold for $12000. The listing claims SonicWall VPN RDP and SSH access with certificates to 6+ dev servers domain user privileges and database access across 8+ large databases (MSSQL Redis MySQL). The network allegedly spans 140+ stores across [--] states with approximately [----] endpoints [--] domain controllers and 12TB of data" [X Link](https://x.com/DarkWebInformer/status/2019842827878896008) 2026-02-06T18:37Z 157.9K followers, [----] engagements "A set of [---] Canadian credit cards obtained via sniffing is being auctioned with a claimed 7595% validity rate. The data includes full card numbers CVVs expiration dates names addresses phone numbers emails and IPs. Card balances reportedly range from $300$600. The auction starts at $2000 with a blitz price of $6000. https://twitter.com/i/web/status/2019883611705733216 https://twitter.com/i/web/status/2019883611705733216" [X Link](https://x.com/DarkWebInformer/status/2019883611705733216) 2026-02-06T21:19Z 158.2K followers, [----] engagements "Atlas Air has been claimed a victim to Everest Ransomware" [X Link](https://x.com/DarkWebInformer/status/2019908230579728781) 2026-02-06T22:57Z 157.9K followers, [----] engagements "Approximately [--] minutes ago [----------] BTC ($181K) was transferred to Bitcoins genesis address effectively burning the funds β«π₯ https://blockstream.info/tx/a73335706adad5c400453fbc3c992f23cacf56b0ca964bc584f5f44ac7e0d412 https://intel.arkm.com/explorer/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa https://blockstream.info/tx/a73335706adad5c400453fbc3c992f23cacf56b0ca964bc584f5f44ac7e0d412 https://intel.arkm.com/explorer/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa" [X Link](https://x.com/DarkWebInformer/status/2019928680072692174) 2026-02-07T00:18Z 158.5K followers, 16.7K engagements "Vouch: A contributor trust management system based on explicit vouches to participate. GitHub: https://github.com/mitchellh/vouch https://github.com/mitchellh/vouch" [X Link](https://x.com/DarkWebInformer/status/2020296792307646478) 2026-02-08T00:41Z 158.4K followers, [----] engagements "An initial access broker is selling full control access to two separate targets for $300 each. A European private file host and the second is a private AI business communications infrastructure platform. Both listings claim Linux OS firewall device access and root RCE with shell and network admin panel permissions. https://twitter.com/i/web/status/2020557187672686914 https://twitter.com/i/web/status/2020557187672686914" [X Link](https://x.com/DarkWebInformer/status/2020557187672686914) 2026-02-08T17:55Z 158.1K followers, 10K engagements "β Effective Feb 12th the @DarkWebIntelBot will be parked and will no longer provide intel. X released a pay-per-use API shortly after I made the below post and deprecated the free tier altogether. It's no longer worth maintaining. The @DarkWebIntelBot that uses the X API is going to go back to the free tier when this billing cycle is over. It is not worth the $200 a month and could be better used towards infrastructure. All the current alerts on that account will still flow but will likely be rate The @DarkWebIntelBot that uses the X API is going to go back to the free tier when this billing" [X Link](https://x.com/DarkWebInformer/status/2020594011682345232) 2026-02-08T20:22Z 158.3K followers, 15K engagements "β A data set allegedly from casio.ru the Russian arm of Casio has been posted with over [--] million records. The data includes full names cities addresses phone numbers and country fields. Sample records show Russian citizens from cities including Tyumen Magnitogorsk Nizhny Tagil Ekaterinburg Chelyabinsk and Surgut. https://twitter.com/i/web/status/2021263319345045744 https://twitter.com/i/web/status/2021263319345045744" [X Link](https://x.com/DarkWebInformer/status/2021263319345045744) 2026-02-10T16:41Z 158.1K followers, [----] engagements "XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Enables Identity Tampering and Unauthorized Access (CVE-2026-23687) https://darkwebinformer.com/xml-signature-wrapping-vulnerability-in-sap-netweaver-abap-allegedly-enables-identity-tampering-and-unauthorized-access-cve-2026-23687/ https://darkwebinformer.com/xml-signature-wrapping-vulnerability-in-sap-netweaver-abap-allegedly-enables-identity-tampering-and-unauthorized-access-cve-2026-23687/" [X Link](https://x.com/DarkWebInformer/status/2021281210136170650) 2026-02-10T17:52Z 158.1K followers, [----] engagements "Cl0p Ransomware Claims [--] Victims ANS Tech Inc Hudson Executive IT Architects Proactive Medical Smith IP Services BE09 Broadreach Retail RBD Construction Che Hardy Gokall IT Hudson Sustainable OneSupport GiaSpace GiaCare Hyde Park UMC AIG Business The Perpetual Garner Group Spohn Associates CFDT Boyden https://twitter.com/i/web/status/2021290815964725684 https://twitter.com/i/web/status/2021290815964725684" [X Link](https://x.com/DarkWebInformer/status/2021290815964725684) 2026-02-10T18:30Z 158.4K followers, [----] engagements "CISA has added [--] vulnerabilities to the KEV Catalog CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. CVE-2026-21510: Microsoft Windows Shell Protection Mechanism" [X Link](https://x.com/DarkWebInformer/status/2021296309005594928) 2026-02-10T18:52Z 158.4K followers, [----] engagements "β RDP access with user rights to an Australian machinery and equipment company with $12M+ in revenue is being sold for $800. The listing notes Trend Micro antivirus is in place" [X Link](https://x.com/DarkWebInformer/status/2021331516312502588) 2026-02-10T21:12Z 158.4K followers, [----] engagements "A U.S. military aerospace simulations and defense contractor is being sold for $400 with root RCE shell access and a hijacked admin panel session on a Linux firewall device" [X Link](https://x.com/DarkWebInformer/status/2021345913319588062) 2026-02-10T22:09Z 158.4K followers, [----] engagements "2/3 Domain user access to an Australian retail company with $20M in revenue is being auctioned. The listing specifies Sophos VPN access. Auction starts at $1500 with a blitz price of $3000" [X Link](https://x.com/DarkWebInformer/status/2021622090185720154) 2026-02-11T16:27Z 158.4K followers, [----] engagements "3/3 Domain admin access to a Swiss manufacturing company with $15M in revenue is being auctioned. The listing specifies Sophos VPN with Sophos antivirus. Auction starts at $1500 with a blitz price of $3000" [X Link](https://x.com/DarkWebInformer/status/2021622093037879593) 2026-02-11T16:27Z 158.4K followers, [----] engagements "A data set allegedly from Zain Kuwait a major telecommunications provider has been posted for sale containing [-------] subscriber records totaling 11.3GB in JSON format. The breach is dated [----] and includes subscriber numbers owner names and associate names. Sample data shows Arabic-language subscriber records with phone numbers verification status and spam flags. The seller offers tiered pricing in Monero: [--] XMR for takedown [--] XMR for exclusive purchase with deletion [--] XMR for non-exclusive access or [--] XMR for the scraping exploit itself." [X Link](https://x.com/DarkWebInformer/status/2021625660540621301) 2026-02-11T16:41Z 158.4K followers, [----] engagements "WordPress admin shell and database access to an international e-commerce store is being auctioned. The site has a $601.91 average order value with [---] orders in January (351 card [--] crypto) and [---] in February (109 card [--] crypto). A payment card redirect tap is in place with 100% unique orders. The auction starts at $1000 with a blitz price of $2500. https://twitter.com/i/web/status/2021637425286816189 https://twitter.com/i/web/status/2021637425286816189" [X Link](https://x.com/DarkWebInformer/status/2021637425286816189) 2026-02-11T17:28Z 158.4K followers, [----] engagements "π¨ A threat actor is allegedly selling access and data from a Spain-based business association on a hacking forum. The listing allegedly includes: Foothold/access to internal office network Email credentials (6000+ contacts in address book) Employee email credentials Email marketing account (3000+ contacts) Cloud storage access Social media accounts Extracted member PII (name DNI/ID NIF address email phone business name IBAN etc.) The threat actor is asking for $1000. https://twitter.com/i/web/status/2021694529783382429 https://twitter.com/i/web/status/2021694529783382429" [X Link](https://x.com/DarkWebInformer/status/2021694529783382429) 2026-02-11T21:15Z 158.4K followers, [----] engagements "Here is a longer video "explaining" what possibly occurred. I looked for about a hour or two online after positing the other video and was not able to find any information on this. YouTube launched in December [----] so uploading a video at that time wasn't a big thing. π€·β The [----] Hijacking of Playhouse Disney (now Disney Junior) A now-deleted YouTube channel called MickeyArchives004 uploaded a video in [----] claiming to show a hijacked episode of Mickey Mouse Clubhouse. https://t.co/Vin6HFdAIm The [----] Hijacking of Playhouse Disney (now Disney Junior) A now-deleted YouTube channel called" [X Link](https://x.com/DarkWebInformer/status/2022814489192603969) 2026-02-14T23:25Z 158.6K followers, [----] engagements "βA threat actor is auctioning WordPress admin access with Stripe iframe to a UAE shop. Start: $5000 Blitz: $20000" [X Link](https://x.com/DarkWebInformer/status/2022439907671539908) 2026-02-13T22:37Z 158.6K followers, [----] engagements "The [----] Hijacking of Playhouse Disney (now Disney Junior) A now-deleted YouTube channel called MickeyArchives004 uploaded a video in [----] claiming to show a hijacked episode of Mickey Mouse Clubhouse" [X Link](https://x.com/DarkWebInformer/status/2022762770089771204) 2026-02-14T20:00Z 158.6K followers, 16.1K engagements "A threat actor claims to be auctioning [--] German drivers licenses (DL) allegedly including front and back scans along with associated social insurance numbers health insurance details and additional supporting documents in some cases. Start: $100 Bid: $50 Blitz: $350" [X Link](https://x.com/DarkWebInformer/status/2022830466735427596) 2026-02-15T00:29Z 158.6K followers, [----] engagements "β RuskiNet defaced the website of Taboo Disco Club" [X Link](https://x.com/DarkWebInformer/status/2016245631782670776) 2026-01-27T20:23Z 158.6K followers, [----] engagements "π¨ SLSH (Scattered LAPSUS$ ShinyHunters) is actively targeting 100+ enterprises via live phishing panels Targets include: Technology & Software: Atlassian AppLovin Canva Epic Games Genesys HubSpot RingCentral ZoomInfo Iron Mountain Fintech & Payments: Adyen Jack Henry Shift4 Payments SoFi Biotech & Pharma: Alnylam Amgen Arvinas Biogen Gilead Sciences Moderna Neurocrine Biosciences Financial Services / Banking: Apollo Global Mgmt Blackstone Cohen & Steers Frost Bank goeasy Ltd. Guild Mortgage Morningstar RBC Securian Financial State Street TPG Capital Real Estate (REITs & Investment): Avison" [X Link](https://x.com/DarkWebInformer/status/2016709518554534383) 2026-01-29T03:06Z 158.6K followers, 14.8K engagements "β German motorcycle site allegedly breached including live MySQL access and full banking data offered for sale π Germany Type: Data Breach / Initial Access Threat actor: OpenBullet Records: 75394+ SEPA records [-----] bank transactions [----] PayPal orders Samples: Yes The dataset includes SEPA direct debits bank transactions dating back to [----] user bank accounts PayPal order records and payment method details. Email and hashed password data is also allegedly included. Data includes: Full customer IBANs BICs account holder names sender names bank account numbers (Kontonummer/BLZ) transaction" [X Link](https://x.com/DarkWebInformer/status/2021974328997261684) 2026-02-12T15:47Z 158.6K followers, [----] engagements "β A threat actor claims to have leaked data from Navodaya Transport. The allegedly compromised dataset reportedly includes [------] records containing internal IDs location data timestamps distance and duration metrics and tracking identifiers" [X Link](https://x.com/DarkWebInformer/status/2022552384522617173) 2026-02-14T06:04Z 158.6K followers, [----] engagements "A threat actor claims to be offering a database containing [--] million unverified Saudi Arabian phone numbers. The post advertises a sample of the data and states that the full dataset is available for download" [X Link](https://x.com/DarkWebInformer/status/2022818387362222147) 2026-02-14T23:41Z 158.6K followers, [----] engagements "A threat actor claims to have leaked an all students dataset from North Kitsap School District a Washington State public school district. The post references an XLSX-formatted file and shares a sample allegedly containing student IDs first and last names dates of birth guardian names phone numbers email addresses physical addresses grade levels and geolocation-related details" [X Link](https://x.com/DarkWebInformer/status/2022850599163969542) 2026-02-15T01:49Z 158.6K followers, [----] engagements "A threat actor claims to be auctioning access to [---] GitLab repositories reportedly under an owner-level account using a Java stack. The post references projects based in India within the astrology software niche. Start: $50 Step: $25 Blitz: $500" [X Link](https://x.com/DarkWebInformer/status/2022862930493243560) 2026-02-15T02:38Z 158.6K followers, [----] engagements "Chris Titus Tech's Windows Utility: It is meant to streamline installs debloat with tweaks troubleshoot with config and fix Windows updates GitHub: https://github.com/ChrisTitusTech/winutil https://github.com/ChrisTitusTech/winutil" [X Link](https://x.com/DarkWebInformer/status/2021683095032725920) 2026-02-11T20:29Z 158.6K followers, [----] engagements "YouTube appears to be down at least for some of us. π" [X Link](https://x.com/DarkWebInformer/status/2021686006760477062) 2026-02-11T20:41Z 158.6K followers, 13.5K engagements "The Hackers Who Trolled The FBI (twice) On March 15th [----] the FBI led a coordinated takedown of BreachForums the largest data-leak forum on the internet after years of silently tracking its members from Diogo Santos Coelho's RaidForums to Pompompurin's reign and Baphomet's brief attempt to keep it alive. The operation unraveled a network of cybercriminals including ShinyHunters a group behind some of the biggest corporate breaches in history who had spent years openly trolling the FBI. https://twitter.com/i/web/status/2021985395081195767 https://twitter.com/i/web/status/2021985395081195767" [X Link](https://x.com/DarkWebInformer/status/2021985395081195767) 2026-02-12T16:30Z 158.6K followers, 10.4K engagements "CISA has added [--] vulnerabilities to the KEV Catalog CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user. CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS macOS tvOS watchOS and visionOS contain an improper restriction of operations" [X Link](https://x.com/DarkWebInformer/status/2022020858974253458) 2026-02-12T18:51Z 158.6K followers, 15.6K engagements "A threat actor is selling a data set of dinar.sa a Saudi investment platform containing approximately [----] investor records. Exposed data reportedly includes investor IDs full names emails phone numbers wallet balances national ID details dates of birth and legal registration information. https://twitter.com/i/web/status/2022346133029126452 https://twitter.com/i/web/status/2022346133029126452" [X Link](https://x.com/DarkWebInformer/status/2022346133029126452) 2026-02-13T16:24Z 158.6K followers, 20.3K engagements "PLAY Ransomware Claims [--] Victims Lusamerica Foods HMA Unified Engineering UCG Associates Heartland Title Services" [X Link](https://x.com/DarkWebInformer/status/2022402946428964906) 2026-02-13T20:10Z 158.6K followers, [----] engagements "The Hacker Who Outsmarted the FBI In the 1990s Kevin Mitnick became Americas most wanted hacker without ever unleashing a virus. Instead of malware he relied on manipulation confidence and a telephone to breach telecom companies major tech firms and even monitor the agents pursuing him. This is the story of a hacker who did not need code to gain access. He only needed your trust. https://twitter.com/i/web/status/2022412960270819770 https://twitter.com/i/web/status/2022412960270819770" [X Link](https://x.com/DarkWebInformer/status/2022412960270819770) 2026-02-13T20:49Z 158.6K followers, [----] engagements "β A threat actor is auctioning WordPress shop/store admin access with credit card iframe injection. Claims: [---] total CC captures [---] in last [--] days Card rate: 100% GEO: US Form type: iframe Start: $800 Step: $150 Blitz: $2200" [X Link](https://x.com/DarkWebInformer/status/2022423970247774681) 2026-02-13T21:33Z 158.6K followers, [----] engagements "A threat actor is selling 494GB of corporate data from Hansa Solutions (hansasolutions.com) an Indian insurance IT company from a network-wide breach in January [----]. Claims: 88GB Microsoft Exchange EDB - CEO & employee emails calendars contacts internal comms [--] servers (404GB) - Development and Operational/Internal All customer data & partner transaction history (MCIS Life ICICI Prudential SBI Life Bajaj Allianz Kotak Life etc.) Samples include internal Teams chats employee payslips and insurance policy records Price: $19000$25000 (XMR/BTC)" [X Link](https://x.com/DarkWebInformer/status/2022428910349164989) 2026-02-13T21:53Z 158.6K followers, [----] engagements "A threat actor claims to have leaked an aggregated database containing over [--] billion records allegedly sourced from major Chinese organizations and datasets. The post references data attributed to Pinduoduo (14.5B records) JD.com (10B records) broader Chinese e-commerce datasets (8.15B records) YTO Express and ZTO Express (4.5B records) a 1.2B police database the Shanghai National Police (960M records) and a 960M citizens database. The dataset reportedly includes consumer logistics and registry information spanning multiple sectors across China." [X Link](https://x.com/DarkWebInformer/status/2022745406426558598) 2026-02-14T18:51Z 158.6K followers, [----] engagements "A threat actor claims to be auctioning access to [--] GitLab repositories reportedly under an owner-level account using Unreal Engine [--] (UE5). The post references projects based in Vietnam within the game development niche. Start: $100 Step: $50 Blitz: $1000" [X Link](https://x.com/DarkWebInformer/status/2022892877752471604) 2026-02-15T04:37Z 158.6K followers, [----] engagements "https://github.com/Miiden/EyeSpy https://github.com/Miiden/EyeSpy" [X Link](https://x.com/DarkWebInformer/status/1792967285180625379) 2024-05-21T17:14Z 158.6K followers, [----] engagements "hackGPT: I leverage OpenAI and ChatGPT to do hackerish things Link: GitHub: https://github.com/NoDataFound/hackGPT http://hackGPT.com https://github.com/NoDataFound/hackGPT http://hackGPT.com" [X Link](https://x.com/DarkWebInformer/status/1926762230705541169) 2025-05-25T22:08Z 158.6K followers, 176.4K engagements "There appears to be a massive outage going on. Twitch Discord Google Cloud Google Google Meet Google Nest CharacterAI Etsy Khan Academy Google Drive Google Maps Pokemon TCG Dialpad Mailchimp HighLevel Amazon Web Services OpenAI Cloudflare Anthropic Breezeline Dragon Ball State Farm Embark Studios Gmail Rocket League DoorDash Wells Fargo Marvel MLB TV Google Gemini Fortnite Spotify Shopify Snapchat Tekken Box Equifax Roll20 Cursor Looker Studio FuboTV IKEA reCAPTCHA GitLab Steam Clover POS Systems AMC Theatres NPM" [X Link](https://x.com/DarkWebInformer/status/1933228066626494492) 2025-06-12T18:21Z 158.6K followers, 777.2K engagements "π¨π¨Archetyp Darknet Market the world's largest Darknet Market has been seized by law enforcement" [X Link](https://x.com/DarkWebInformer/status/1934542912328520059) 2025-06-16T09:25Z 158.6K followers, 169.5K engagements "π¨Public Release of Rust-Based Loader (Tribute to Lumma) Category: Malware Threat Actor: DeWorm14 Forum: RAMP Network: Clearnet Dark Web Details: Actor shares a Rust + x64 assembly loader named ttl_loader written as a tribute to Lumma. Claims full EDR bypass compiled using modified Fortinet panel and tested stub. No encryption or injection modules included; a DHL-based C2 variant also exists. Attachment: ttl_loader.zip provided. https://twitter.com/i/web/status/1948796756260475083 https://twitter.com/i/web/status/1948796756260475083" [X Link](https://x.com/DarkWebInformer/status/1948796756260475083) 2025-07-25T17:25Z 158.6K followers, [----] engagements "π¨D4RK 4RMY Ransomware Claims [--] New Victims Mizuha Financial Group Tsai Capital Onex Canada Asset Management Inc Magellan Financial Group Bridgewater Associates" [X Link](https://x.com/DarkWebInformer/status/1953497049669751180) 2025-08-07T16:42Z 158.6K followers, [----] engagements "Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total Hybrid Analysis URLHaus Polyswarm Malshare Alien Vault Malpedia Malware Bazaar ThreatFox Triage InQuest VxExchange and IPInfo. GitHub: https://github.com/alexandreborges/malwoverview https://github.com/alexandreborges/malwoverview" [X Link](https://x.com/DarkWebInformer/status/1959363732749873543) 2025-08-23T21:14Z 158.6K followers, 34.2K engagements "InstagramPrivSniffer: Views Instagram private account's media without login GitHub: https://github.com/obitouka/InstagramPrivSniffer https://github.com/obitouka/InstagramPrivSniffer" [X Link](https://x.com/DarkWebInformer/status/1971266484321255492) 2025-09-25T17:32Z 158.6K followers, 174.7K engagements "iptv: Collection of publicly available IPTV channels from all over the world GitHub: Channels: (38065channel(s)) https://iptv-org.github.io/ https://github.com/iptv-org/iptv https://iptv-org.github.io/ https://github.com/iptv-org/iptv" [X Link](https://x.com/DarkWebInformer/status/1990549999416193212) 2025-11-17T22:37Z 158.6K followers, 309.9K engagements "π¨Cl0p Ransomware Claims [--] Victims Al Jomaih Automotive Fruit of the Loom Frontrol Humana Oracle Abbott Laboratories Mazda MAS Holdings Canon Trane Technologies Grupo Bimbo Bechtel Este Lauder Companies Alshaya Group Fleetship Management Mazda USA Worley L&L Products University of Phoenix Treet Corporation Greater Cleveland RTA A10 Networks Envoy Broadcom Southern Illinois University Dooney & Bourke WellBiz Brands Michelin Sumitomo Chemical Greenball Corporation https://twitter.com/i/web/status/1991550211500421456 https://twitter.com/i/web/status/1991550211500421456" [X Link](https://x.com/DarkWebInformer/status/1991550211500421456) 2025-11-20T16:52Z 158.6K followers, 45.7K engagements "π¨BreachForums is back again. Clearnet: breachforums.bf Dark Web: http://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion IP: 91.215.85.48 ASN: [------] Server: Apache/2.4.65 (Debian) IP: 45.134.26.22 ASN: [------] Server: Apache/2.4.65 (Debian)" [X Link](https://x.com/DarkWebInformer/status/2000237028298899599) 2025-12-14T16:10Z 158.6K followers, 95.3K engagements "π¨ Alleged leak of CAF (Caisse dAllocations Familiales) Lines: [--------] Size: 15.3GB" [X Link](https://x.com/DarkWebInformer/status/2001450150238073342) 2025-12-18T00:31Z 158.6K followers, 76.3K engagements "π¨ Pickett USA Engineering data dump for sale - [-----] GB of engineering data from major U.S. electricity utilities. Clients affected: Tampa Electric Company (TECO) Duke Energy Florida (DEF) American Electric Power (AEP) Data exposed (139.1 GB - [---] files): 800+ classified raw LiDAR point cloud files (.las format [---] MB to 2+ GB each) Transmission line corridors and substations coverage High resolution orthophotos (.ecw format up to [---] MB per project) MicroStation design files (.dgn) and PTC settings Vegetation feature files (up to [--] GB) Fixed price: [---] Bitcoin (BTC) or Monero (XMR)" [X Link](https://x.com/DarkWebInformer/status/2006842644446708216) 2026-01-01T21:39Z 158.6K followers, [----] engagements "βThreat actor auctioning RDP access to an Italian manufacturing company π Italy Access Type: RDP Privileges: Domain User Hosts: [--] Threat Actor: Big-Bro Samples: No Auction Details: Start: $850 Step: $250 Flash/Blitz: $1500" [X Link](https://x.com/DarkWebInformer/status/2009421359064207661) 2026-01-09T00:25Z 158.5K followers, [----] engagements "0APT Ransomware Claim [--] Victims π FutureTech AI Urban Outfitters Ltd π National Rail Network CryptoVault Exchange Elite Hospitality Group Noble Pharma π Rapid Courier Services π Global News Corp π Zenith Telecom π Visionary Architects π Titan Construction π Metro General Hospital Obsidian Tech Labs π Diamond Deep Drilling π Solaris Renewable Energy π Sapphire Jewelry π Pacific Ocean Cargo π IronClad Security π Emerald Agriculture π GreenValley Agriculture π Crimson Fashion House π Golden Chip Casino π EduTech Systems Silver City Bank π Unity Insurance π Blue Water" [X Link](https://x.com/DarkWebInformer/status/2017301575270592732) 2026-01-30T18:19Z 158.5K followers, [----] engagements "Lol this site is so dumb. https://stopice.net/securitycamera.shtml Not sure if sensitive or not since some tokens/keys are fine to be in the frontend (think Cloudflare turnstile). My secret finder found a Google API Key in this Stopice.net site. I'm not a Google nerd obviously so maybe someone would know. If so. yikes. π€·β https://t.co/UveVTqjRVs https://stopice.net/securitycamera.shtml Not sure if sensitive or not since some tokens/keys are fine to be in the frontend (think Cloudflare turnstile). My secret finder found a Google API Key in this Stopice.net site. I'm not a Google nerd" [X Link](https://x.com/DarkWebInformer/status/2017679033354350788) 2026-01-31T19:19Z 158.5K followers, [----] engagements "500 "validated" Fortinet VPN credentials collected from stealer logs are being auctioned with duplicates removed and validity confirmed via Tmchecker across multiple countries. The auction starts at $1500 with a flash price of $3000" [X Link](https://x.com/DarkWebInformer/status/2019078850433462415) 2026-02-04T16:01Z 158.5K followers, [----] engagements "0APT has claimed [--] victims. Newly named as of Jan [--] the group is already calling out some MAJOR organizations. Possible scam group HCA Healthcare (UK Private Division) Vestas Wind Systems Edwards Lifesciences Keysight Technologies Hologic Galderma Sysmex Corporation Align Technology Snap-on Incorporated Varian Medical Systems Bruker BioSpin Teledyne Technologies Terumo Corporation Xylem Inc. bioMrieux Ingersoll Rand Masimo Halma PerkinElmer Zebra Technologies Andritz Group Prince Court Medical Hexagon AB Al-Futtaim Conglomerate Sandvik Coromant Teleflex ResMed Epworth Private Healthcare" [X Link](https://x.com/DarkWebInformer/status/2019094375486120107) 2026-02-04T17:03Z 158.6K followers, [----] engagements "Threat Actor Claims Breach of Loxam Delivery Operations Offers 828K Records Spanning [--------] https://darkwebinformer.com/threat-actor-claims-breach-of-loxam-delivery-operations-offers-828k-records-spanning-2020-2026/ https://darkwebinformer.com/threat-actor-claims-breach-of-loxam-delivery-operations-offers-828k-records-spanning-2020-2026/" [X Link](https://x.com/DarkWebInformer/status/2019102251923689706) 2026-02-04T17:34Z 158.6K followers, [----] engagements "139 TB of data No shot" [X Link](https://x.com/DarkWebInformer/status/2019145752308806075) 2026-02-04T20:27Z 158.6K followers, 180.3K engagements "The IOC darkforums.io domain has been suspended. The new IOC domain is darkforums.me" [X Link](https://x.com/DarkWebInformer/status/2019169526772818087) 2026-02-04T22:01Z 158.6K followers, 23.7K engagements "Access to a large EU-based Magento 2.4.7 sports shop is being auctioned with iframe card capture already in place. The site reportedly processed [-----] cards in December [------] in January and [-----] so far in February. The auction starts at $30000 with a blitz price of $50000. https://twitter.com/i/web/status/2019484377852571927 https://twitter.com/i/web/status/2019484377852571927" [X Link](https://x.com/DarkWebInformer/status/2019484377852571927) 2026-02-05T18:52Z 158.6K followers, [----] engagements "Dutch authorities just seized one Windscribe VPN server without a warrant claiming they'll return it after they "fully analyze it." They say their real concern "is the unredacted Epstein files we had on there."" [X Link](https://x.com/DarkWebInformer/status/2019566927782506890) 2026-02-06T00:20Z 158.6K followers, 15.9K engagements "π₯ Working on a new open source script that will be uploaded to GitHub sometime this month. It scans a base domain (example darkforums) across 224+ TLDs to find every registered variant. For each hit it pulls DNS records WHOIS registration data (registrar creation date registrant) TLS certificates and HTTP details including the page title. It flags newly registered domains suspicious TLDs parked pages and privacy-protected WHOIS. It outputs clickable terminal links auto-saves results to JSON with scan-over-scan diffing to catch new registrations. Python code with no APIs no dependencies no" [X Link](https://x.com/DarkWebInformer/status/2019824487198347427) 2026-02-06T17:24Z 158.5K followers, [----] engagements "β A threat actor is auctioning domain admin access to a U.S. construction management company with an estimated revenue of $20 million. The listing specifies Fortinet VPN access with SentinelOne antivirus in place. The auction starts at $2000 with a $500 step and a blitz price of $4000. https://twitter.com/i/web/status/2020895111630979114 https://twitter.com/i/web/status/2020895111630979114" [X Link](https://x.com/DarkWebInformer/status/2020895111630979114) 2026-02-09T16:18Z 158.5K followers, [----] engagements "French Insurance Company Maxance Allegedly Breached 348K Customer Records Leaked https://darkwebinformer.com/french-insurance-company-maxance-allegedly-breached-348k-customer-records-leaked/ https://darkwebinformer.com/french-insurance-company-maxance-allegedly-breached-348k-customer-records-leaked/" [X Link](https://x.com/DarkWebInformer/status/2020899228797501702) 2026-02-09T16:34Z 158.6K followers, [----] engagements "Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Allegedly Exposes Thousands of Instances (CVE-2026-1731) https://darkwebinformer.com/critical-pre-auth-rce-vulnerability-in-beyondtrust-remote-support-pra-allegedly-exposes-thousands-of-instances-cve-2026-1731/ https://darkwebinformer.com/critical-pre-auth-rce-vulnerability-in-beyondtrust-remote-support-pra-allegedly-exposes-thousands-of-instances-cve-2026-1731/" [X Link](https://x.com/DarkWebInformer/status/2021270130286567584) 2026-02-10T17:08Z 158.5K followers, [----] engagements "Access to the Colombian Government Emergency Response Agency is being sold for $300 with root RCE shell and network admin panel on a Linux firewall device" [X Link](https://x.com/DarkWebInformer/status/2021346448366010793) 2026-02-10T22:12Z 158.6K followers, 61.4K engagements "Root RCE and full admin panel access to a Chinese agentic AI edge-as-a-service (EaaS) corporation is being sold for $200. The target runs Linux with firewall device access" [X Link](https://x.com/DarkWebInformer/status/2021346913707282588) 2026-02-10T22:13Z 158.6K followers, 10.8K engagements "1/3 Domain admin access to a Moroccan manufacturing company with $20M in revenue is being auctioned. The listing specifies Sophos VPN with Trend Micro antivirus. Auction starts at $1500 with a blitz price of $3500" [X Link](https://x.com/DarkWebInformer/status/2021622087828279801) 2026-02-11T16:27Z 158.6K followers, [----] engagements "CVE-2024-27564: OpenAI ChatGPT Server-Side Request Forgery PoC: Vulnerable Parameter : pictureproxy.phpurl=payload A vulnerability in pictureproxy.php allows remote attackers to perform arbitrary requests by injecting URLs into the url parameter. This SSRF vulnerability can be exploited without authentication. https://github.com/chsxthwik/CVE-2024-27564 https://github.com/chsxthwik/CVE-2024-27564" [X Link](https://x.com/DarkWebInformer/status/2021648292627550220) 2026-02-11T18:11Z 158.5K followers, [----] engagements "Video Credit: Video Date: September 14th [----] http://youtube.com/@Quantum-Hacker http://youtube.com/@Quantum-Hacker" [X Link](https://x.com/DarkWebInformer/status/2021648295425388759) 2026-02-11T18:11Z 158.6K followers, [----] engagements "I simplified the UI for the GitHub advisories. The additional details. CWE references timestamps etc are now available in the detail modal. It's not complete but it's getting there. π₯ GitHub Advisories which is currently only available to Elite subscribers got some performance updates today. I'm thinking it will be available at the end of February but I haven't decided on what tier. Faster loading and filtering - Searching sorting and switching https://t.co/3qSEmilOIt π₯ GitHub Advisories which is currently only available to Elite subscribers got some performance updates today. I'm thinking" [X Link](https://x.com/DarkWebInformer/status/2021653109282681216) 2026-02-11T18:30Z 158.6K followers, [----] engagements "I made some changes to the Keyword Notifications which only works for new blog posts. It is streamlined to use the same notification setup as the threat feeds but applies to blog posts to not interfere. Be sure to setup browser notifications for the threat feeds separately" [X Link](https://x.com/DarkWebInformer/status/2021674304530755807) 2026-02-11T19:54Z 158.5K followers, [----] engagements "PLAY Ransomware has added four new victims to its leak site: Northbridge A commercial real estate investment and development firm. Makivik The legal representative corporation for Inuit beneficiaries of the James Bay and Northern Quebec Agreement. Catalanatto & Barnes A certified public accounting and advisory firm. Altak A construction and industrial services company. http://altakinc.com http://bscatcpa.com http://makivik.org http://northbridgecre.com http://altakinc.com http://bscatcpa.com http://makivik.org http://northbridgecre.com" [X Link](https://x.com/DarkWebInformer/status/2021680747573104926) 2026-02-11T20:20Z 158.6K followers, [----] engagements "$1000 Bug Bounty 2FA bypass due to CSRF misconfiguration POC on demo website Writeup: https://medium.com/@sharp488/2fa-bypass-on-private-bug-bounty-program-due-to-csrf-token-misconfiguration-5a9c82151a1 https://medium.com/@sharp488/2fa-bypass-on-private-bug-bounty-program-due-to-csrf-token-misconfiguration-5a9c82151a1" [X Link](https://x.com/DarkWebInformer/status/2021730355141579212) 2026-02-11T23:37Z 158.6K followers, 13.4K engagements "β Brillen (operated by SuperVista AG) dataset allegedly leaked π Germany Type: Data Breach Threat actor: Meow Records: [-------] A forum post claims that Brillen a German eyewear retailer operated by SuperVista AG suffered a data breach in September [----] resulting in over [---] million rows of user data being compromised. The actor states the company fixed the vulnerability internally without making a public announcement. Data includes: First name last name email contact number DOB gender age street address postal code and city" [X Link](https://x.com/DarkWebInformer/status/2021970537816179051) 2026-02-12T15:31Z 158.6K followers, [----] engagements "Odido Telecom Says Customer Data Compromised in Cyberattack The breach involves personal data from a customer contact system used by Odido. Approximately [---] million accounts are said to be affected. The intrusion was discovered several days ago. The following data was exposed according to Obido: Full name Address and city of residence Mobile number Customer number Email address IBAN (bank account number) Date of birth Identification details (passport or driver's license number and expiration date)" [X Link](https://x.com/DarkWebInformer/status/2021977514747302324) 2026-02-12T15:59Z 158.6K followers, [----] engagements "Source links go to the vendor's decryptor page not direct downloads. If you know of a link to a guide/decryptor source that isn't listed/missing. Let me know and I will verify and add it" [X Link](https://x.com/DarkWebInformer/status/2022001388004479386) 2026-02-12T17:34Z 158.6K followers, [----] engagements "New Forum: TierOne a/k/a T1erOne jprrin6bqe3flvtpyxkt4zsmzc3u6vvn7ahgtcbul224w3xn4h3gawid.onion t1eron3.vip Credit: @club31337" [X Link](https://x.com/DarkWebInformer/status/2022004161458712898) 2026-02-12T17:45Z 158.5K followers, 13K engagements "Threat Attack Update - February 12th [----] https://darkwebinformer.com/threat-attack-update-february-12th-2026/ https://darkwebinformer.com/threat-attack-update-february-12th-2026/" [X Link](https://x.com/DarkWebInformer/status/2022087028452786610) 2026-02-12T23:14Z 158.6K followers, [----] engagements "Email with the new design came broken will be fixed for tomorrow's email. View from the website instead" [X Link](https://x.com/DarkWebInformer/status/2022099556629094903) 2026-02-13T00:04Z 158.6K followers, [----] engagements "I am no longer posting on Infosec Exchange or Telegram. Infosec Exchange was never really for me and Telegram has become difficult to manage with six channels. Its more manageable to focus on just two platforms (X and Discord) instead of having to follow up on [--]. It also makes things easier not having to copy and paste content across multiple socials. I will still be hiding on Telegram just not posting. I also do not have a username there. Other than that everything else remains the same when it comes to seeing posts on social media. http://darkwebinformer.com/socials" [X Link](https://x.com/DarkWebInformer/status/2022110554425336016) 2026-02-13T00:48Z 158.6K followers, [----] engagements "ShinyHunters claims Figure Technology Solutions Inc. as a victim" [X Link](https://x.com/DarkWebInformer/status/2022121228883177676) 2026-02-13T01:30Z 158.6K followers, [----] engagements "π¨176 transfers have been made from the Silk Road crypto wallet in the last [--] hours https://intel.arkm.com/explorer/entity/silk-road https://intel.arkm.com/explorer/entity/silk-road" [X Link](https://x.com/DarkWebInformer/status/1998546770859798576) 2025-12-10T00:14Z 158.6K followers, 316.3K engagements "π§leaker: A leak discovery tool that returns valid credential leaks for emails using passive online sources. GitHub: Nice password examples π https://github.com/vflame6/leaker https://github.com/vflame6/leaker" [X Link](https://x.com/DarkWebInformer/status/2010796350607335435) 2026-01-12T19:29Z 158.6K followers, 120.2K engagements "In October [----] a critical server-side flaw in Instagram made it possible for unauthenticated attackers to view private photos and captions without needing to log in or to follow the account. Instagram silently patched the vulnerability. Heres how the PoC worked" [X Link](https://x.com/DarkWebInformer/status/2015814625502076963) 2026-01-26T15:50Z 158.6K followers, 28.9K engagements "CVE-2026-24061: Telnet RCE Exploit GitHub: This script exploits the CVE-2026-24061 vulnerability in Telnet servers using a malformed USER environment variable. CVSS: [---] Usage: python telnet_rce.py host -p port Arguments: host: Target IP address or hostname (required) -p --port: Target port (default: 23) Example: python telnet_rce.py 192.168.1.100 python telnet_rce.py -p [--] http://example.com https://github.com/SafeBreach-Labs/CVE-2026-24061 http://example.com https://github.com/SafeBreach-Labs/CVE-2026-24061" [X Link](https://x.com/DarkWebInformer/status/2015939270662619431) 2026-01-27T00:05Z 158.6K followers, 46.6K engagements "β SSL/TLS certificates allegedly belonging to France's Ministry of the Interior and National French Police are being offered for sale. The leak includes [--] files in certificate formats (.crl .der .cer .pem .crt .xml) with the seller indicating additional certificates are available for purchase. https://twitter.com/i/web/status/2019500094383616298 https://twitter.com/i/web/status/2019500094383616298" [X Link](https://x.com/DarkWebInformer/status/2019500094383616298) 2026-02-05T19:55Z 158.6K followers, 12.3K engagements "Webmail credentials for the Argentine Air Force (Fuerza Area Argentina) have been posted freely with screenshots showing access to internal email accounts at webcorreo.faa.mil.ar. The proof includes views of official correspondence personnel documents judicial records and internal communications referencing brigade operations union matters and personnel evaluations. https://twitter.com/i/web/status/2019802419891204119 https://twitter.com/i/web/status/2019802419891204119" [X Link](https://x.com/DarkWebInformer/status/2019802419891204119) 2026-02-06T15:56Z 158.6K followers, [----] engagements "CVE-2025-1974: Kubernetes IngressNightmare Vulnerability CVSS: [---] PoC: PoC Published: March 26th [----] https://github.com/hakaioffsec/IngressNightmare-PoC https://github.com/hakaioffsec/IngressNightmare-PoC" [X Link](https://x.com/DarkWebInformer/status/2021023687680589873) 2026-02-10T00:49Z 158.6K followers, 15.7K engagements "β A data set allegedly from Inter Rapidsimo described as Colombia's largest cargo and courier company has been posted with [------] customer records. The dump is dated February [----] and includes user IDs names passwords phone numbers emails addresses authentication data API tokens location IDs registration numbers and internal platform settings. http://interrapidisimo.com http://interrapidisimo.com" [X Link](https://x.com/DarkWebInformer/status/2021242943382634666) 2026-02-10T15:20Z 158.6K followers, 62.3K engagements "Domain user access to a Saudi Arabian airports and air services transportation company with $650K+ in revenue is being auctioned. The listing claims RDWEB access [--] domain controllers [----] domain computers a publicly traded company (stock symbol noted) and Micro Trend antivirus. Auction starts at $3500 with a blitz price of $4500. https://twitter.com/i/web/status/2021265154281804055 https://twitter.com/i/web/status/2021265154281804055" [X Link](https://x.com/DarkWebInformer/status/2021265154281804055) 2026-02-10T16:49Z 158.6K followers, [----] engagements "Access to Peru's capital regional government portal is being sold for $200 with root RCE shell and network admin panel on a Linux firewall device" [X Link](https://x.com/DarkWebInformer/status/2021346696610164895) 2026-02-10T22:13Z 158.6K followers, [----] engagements "β BD Anonymous targeted the website of Tel Aviv University" [X Link](https://x.com/DarkWebInformer/status/2021697379968159957) 2026-02-11T21:26Z 158.6K followers, [----] engagements "Video Credit: http://youtube.com/@ByPandemonium http://youtube.com/@ByPandemonium" [X Link](https://x.com/DarkWebInformer/status/2021985397937774879) 2026-02-12T16:31Z 158.6K followers, [----] engagements "π₯ Ransomware Decryptor Database: A free searchable database of 150+ ransomware decryption tools. Search by name file extension or vendor. Mostly sourced from the No More Ransom Project. https://darkwebinformer.com/ransomware-decryptor-database/ https://darkwebinformer.com/ransomware-decryptor-database/" [X Link](https://x.com/DarkWebInformer/status/2022001385991287161) 2026-02-12T17:34Z 158.6K followers, [----] engagements "And so another chapter begins. A forum thread advertising Qilin RaaS activity alongside Cry0 has been spotted. The post openly recruits affiliates and outlines ransomware capabilities including selective encryption modes and shadow copy removal. https://t.co/RN1k1G0VfB A forum thread advertising Qilin RaaS activity alongside Cry0 has been spotted. The post openly recruits affiliates and outlines ransomware capabilities including selective encryption modes and shadow copy removal. https://t.co/RN1k1G0VfB" [X Link](https://x.com/DarkWebInformer/status/2022007610753659112) 2026-02-12T17:59Z 158.6K followers, [----] engagements "CISA added one more vulnerability to the KEV Catalog today. CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. CISA has added [--] vulnerabilities to the KEV Catalog CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater contains a download of code without integrity check vulnerability that could allow an attacker to" [X Link](https://x.com/DarkWebInformer/status/2022048243635376174) 2026-02-12T20:40Z 158.6K followers, [----] engagements "Ransomware Attack Update - February 12th [----] https://darkwebinformer.com/ransomware-attack-update-february-12th-2026/ https://darkwebinformer.com/ransomware-attack-update-february-12th-2026/" [X Link](https://x.com/DarkWebInformer/status/2022076530885824792) 2026-02-12T22:33Z 158.6K followers, [----] engagements "A threat actor is selling an alleged critical severity OpenSea 0-day exploit chain for $100000 USD (BTC/XMR). The threat actor claims the exploit affects OpenSea's Seaport order validation logic on Ethereum Main Net Polygon and Blast enabling forced transfer of high-value NFTs at [--] ETH bypassing listing approvals and working on both active and inactive listings. The seller claims the vulnerability is unpatched and undisclosed. https://twitter.com/i/web/status/2022081741196869905 https://twitter.com/i/web/status/2022081741196869905" [X Link](https://x.com/DarkWebInformer/status/2022081741196869905) 2026-02-12T22:53Z 158.6K followers, 92.6K engagements "Daily Dose of Dark Web Informer - February 12th [----] https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-12th-2026/ https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-12th-2026/" [X Link](https://x.com/DarkWebInformer/status/2022097808715899181) 2026-02-12T23:57Z 158.6K followers, [----] engagements "RAMP Forum = TierOne Forum" [X Link](https://x.com/DarkWebInformer/status/2022349191700226544) 2026-02-13T16:36Z 158.6K followers, [----] engagements "The Gentlemen Claim [--] Victims Gruppo Avanti LSA International Future Bath White Beach Hotel Smart Glass Nile Air City of New Castle Yash Highvoltage Insulators Pvt Ltd" [X Link](https://x.com/DarkWebInformer/status/2022367684290138447) 2026-02-13T17:50Z 158.6K followers, [----] engagements "Zen-AI-Pentest: An Open-Source AI-Powered Penetration Testing Framework Worth Watching https://darkwebinformer.com/zen-ai-pentest-an-open-source-ai-powered-penetration-testing-framework-worth-watching/ https://darkwebinformer.com/zen-ai-pentest-an-open-source-ai-powered-penetration-testing-framework-worth-watching/" [X Link](https://x.com/DarkWebInformer/status/2022377229972304363) 2026-02-13T18:28Z 158.6K followers, [----] engagements "Thalha Jubair [--] and Owen Flowers [--] the two teenagers allegedly tied to Scattered Spider and behind the 39m cyber-attack on Transport for London are kept behind bars as their trial date is confirmed for June 8th [----]. https://www.dailymail.co.uk/news/article-15557187/Teenagers-accused-39m-cyber-attack-Transport-London-trial-date.html https://www.dailymail.co.uk/news/article-15557187/Teenagers-accused-39m-cyber-attack-Transport-London-trial-date.html" [X Link](https://x.com/DarkWebInformer/status/2022410363132899356) 2026-02-13T20:39Z 158.6K followers, [----] engagements "The Archaeological Institute of America (archaeological.org) the oldest and largest archaeological organization in North America has been claimed a victim to INTERLOCK Ransomware. Claims: [---] GB of data - [------] files across [-----] folders Includes Archive (121.1GB) QuickBooks (5.4GB) Workgroup (547.8GB) and test (175.1GB) directories https://twitter.com/i/web/status/2022431884060279046 https://twitter.com/i/web/status/2022431884060279046" [X Link](https://x.com/DarkWebInformer/status/2022431884060279046) 2026-02-13T22:05Z 158.6K followers, [----] engagements "CISA has added one vulnerability to the KEV Catalog CVE-2026-1731: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise including unauthorized access data exfiltration and service disruption" [X Link](https://x.com/DarkWebInformer/status/2022469846688997501) 2026-02-14T00:36Z 158.6K followers, [----] engagements "A threat actor claims to have leaked data from Noel Gifts International Ltd a corporate gifting company. The alleged compromised dataset contains [-----] customer records [-----] cloud storage files including customer IDs company names contact persons phone numbers email addresses delivery addresses assigned sales representatives credit limits and payment terms. https://twitter.com/i/web/status/2022511112718086631 https://twitter.com/i/web/status/2022511112718086631" [X Link](https://x.com/DarkWebInformer/status/2022511112718086631) 2026-02-14T03:20Z 158.6K followers, [----] engagements "A threat actor claims to have leaked data from Free. The exposed dataset reportedly contains [----] million customer records including internal user IDs login numbers email addresses account status details full names and postal addresses" [X Link](https://x.com/DarkWebInformer/status/2022541562945634621) 2026-02-14T05:21Z 158.6K followers, 20.1K engagements "β A threat actor claims to be selling access to Inmobiliaria Ras Baixas for $50" [X Link](https://x.com/DarkWebInformer/status/2022703200034304280) 2026-02-14T16:03Z 158.6K followers, [----] engagements "Pangolin: The Self-Hosted Tunneled Reverse Proxy That's Quietly Replacing Cloudflare Tunnels https://darkwebinformer.com/pangolin-the-self-hosted-tunneled-reverse-proxy-thats-quietly-replacing-cloudflare-tunnels/ https://darkwebinformer.com/pangolin-the-self-hosted-tunneled-reverse-proxy-thats-quietly-replacing-cloudflare-tunnels/" [X Link](https://x.com/DarkWebInformer/status/2022719983189434737) 2026-02-14T17:09Z 158.6K followers, [----] engagements "A threat actor claims to have leaked [----] GB of data from Prefeitura de Fortaleza the municipal government of Fortaleza Brazil. The allegedly compromised dataset reportedly includes record IDs user IDs names email addresses phone numbers and state information" [X Link](https://x.com/DarkWebInformer/status/2022731061914939765) 2026-02-14T17:54Z 158.6K followers, [----] engagements "A threat actor claims to be selling data from Immovalie a France-based real estate agency. The allegedly compromised dataset reportedly includes company database files such as internal documents logs XML files PDFs and other business-related records" [X Link](https://x.com/DarkWebInformer/status/2022768810420273320) 2026-02-14T20:24Z 158.6K followers, [----] engagements "Canada Goose has been claimed a victim to ShinyHunters" [X Link](https://x.com/DarkWebInformer/status/2022772873044034047) 2026-02-14T20:40Z 158.6K followers, 10.8K engagements "A threat actor claims to be selling [---] million records from the French Athletics Federation Frances national athletics governing body. The allegedly compromised dataset reportedly includes [-------] unique email addresses and [------] unique phone numbers along with associated names phone numbers email addresses physical addresses and additional member information" [X Link](https://x.com/DarkWebInformer/status/2022778121985155078) 2026-02-14T21:01Z 158.6K followers, [----] engagements "A threat actor claims to have leaked [----] records from ITTell an IT services provider. The allegedly compromised dataset reportedly includes full names phone numbers addresses last communication details and additional information. The data was reportedly breached on [--] September 2025" [X Link](https://x.com/DarkWebInformer/status/2022783909721968887) 2026-02-14T21:24Z 158.6K followers, [----] engagements "A threat actor claims to be selling full administrative access to a Canada-based WordPress website including complete admin panel privileges and access to installed plugins" [X Link](https://x.com/DarkWebInformer/status/2022790956068876614) 2026-02-14T21:52Z 158.6K followers, [----] engagements "A threat actor claims to be selling unauthorized FortiVPN and RDP access to a U.S.-based human resources organization. The advertised access reportedly includes local administrator and domain user privileges as well as connectivity to two domain controllers" [X Link](https://x.com/DarkWebInformer/status/2022799261298274383) 2026-02-14T22:25Z 158.6K followers, [----] engagements "ClawBands: A Security Middleware That Puts Human-in-the-Loop Controls on OpenClaw AI Agents https://darkwebinformer.com/clawbands-a-security-middleware-that-puts-human-in-the-loop-controls-on-openclaw-ai-agents/ https://darkwebinformer.com/clawbands-a-security-middleware-that-puts-human-in-the-loop-controls-on-openclaw-ai-agents/" [X Link](https://x.com/DarkWebInformer/status/2022804202985042014) 2026-02-14T22:44Z 158.6K followers, [----] engagements "A threat actor claims to have gained administrator access to grancabot.es a Spain-based website stating they were able to export the entire site and its contact database and upload a remote code execution (RCE) file. The actor alleges the access does not include root privileges but claims escalation is possible and further states that up to [--] additional websites hosted on the same server were identified" [X Link](https://x.com/DarkWebInformer/status/2022810333828780283) 2026-02-14T23:09Z 158.6K followers, [----] engagements "Refloow Geo Forensics: A high-performance open-source digital forensics tool designed for investigators OSINT practitioners and security analysts. GitHub: https://github.com/Refloow/Refloow-Geo-Forensics https://github.com/Refloow/Refloow-Geo-Forensics" [X Link](https://x.com/DarkWebInformer/status/2022823635321278872) 2026-02-15T00:01Z 158.6K followers, [----] engagements "A threat actor claims to be offering a dataset containing [----] records related to the Retired Officials Association of Bank of Baroda Zone Jaipur tied to Bank of Baroda an Indian public sector bank. The post states the data is from [----] and provided in CSV format allegedly including membership numbers primary member names phone numbers email addresses and city and region details. https://twitter.com/i/web/status/2022823672130744458 https://twitter.com/i/web/status/2022823672130744458" [X Link](https://x.com/DarkWebInformer/status/2022823672130744458) 2026-02-15T00:02Z 158.6K followers, [----] engagements "A threat actor claims to have leaked a database from MadMonkeyHostels.com a Southeast Asiabased hostel operator. The post alleges the breach occurred in February [----] and states that approximately [-----] customer records were exposed. The advertised dataset reportedly includes customer IDs email addresses MAD level details Firebase user IDs last sign-in dates weekly activity timestamps and login count metrics" [X Link](https://x.com/DarkWebInformer/status/2022835499925409804) 2026-02-15T00:49Z 158.6K followers, [----] engagements "A threat actor claims to have leaked data from Ornikar a French online driving school platform. The allegedly compromised dataset reportedly contains [---] million records including internal user IDs email addresses first and last names dates of birth and phone numbers. This company was previously reported as breached in October 2024" [X Link](https://x.com/DarkWebInformer/status/2022841791460831475) 2026-02-15T01:14Z 158.6K followers, [----] engagements Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing
@DarkWebInformer Dark Web Informer
Several major cybersecurity incidents have been reported recently. A significant data breach allegedly involving [---] billion Discord messages from [--] million users has been claimed, and various companies, including Comcast, Boyd Gaming Corporation, and Stellantis, have confirmed data breaches or cybersecurity incidents. Additionally, law enforcement has seized several dark web marketplaces, including Archetyp and Tradeogre.
Engagements: [-------] #
- [--] Week [-------] -16%
- [--] Month [---------] +0.28%
- [--] Months [----------] +32%
- [--] Year [----------] -32%
Mentions: [---] #
- [--] Week [---] -24%
- [--] Month [---] +47%
- [--] Months [-----] +54%
- [--] Year [-----] -1.90%
Followers: [-------] #
- [--] Week [-------] +1.30%
- [--] Month [-------] +6.30%
- [--] Months [-------] +25%
- [--] Year [-------] +70%
CreatorRank: [-------] #
Social Influence
Social category influence technology brands 13.79% countries 12.32% stocks 11.82% finance 7.88% social networks 5.91% cryptocurrencies 1.97% travel destinations 1.97% celebrities 0.99% exchanges 0.49% gaming 0.49%
Social topic influence actor #92, company #779, data 3.94%, shell #756, to the 3.45%, step #1136, update 2.96%, telegram 2.46%, discord 2.46%, $googl 2.46%
Top accounts mentioned or mentioned by @noo_idcard @lakle1308 @intcyberdigest @snagg @rxerium @securelayer7 @fbiopenup @darkwebintelbot @okta @bleepingcomputer @quantumhacker @sharp4882fabypassonprivatebugbountyprogramduetocsrftokenmisconfiguration5a9c82151a1 @club31337 @bypandemonium @vinibarbosabr @chrizbreeze88 @tmppbr @badvalla40301 @_someone_els @mnovofastovsky
Top assets mentioned Alphabet Inc Class A (GOOGL) Cloudflare, Inc. (NET) Microsoft Corp. (MSFT) Ethereum (ETH) CarMax, Inc (KMX) Bumble Inc. (BMBL) SolarWinds Corporation Common Stock (SWI)
Top Social Posts
Top posts by engagements in the last [--] hours
"π¨Alleged Data Breach of Hotel Regina Isabella 30K+ Guest Passport & ID Scans Industry: Hospitality / Luxury Resorts Threat Actor: mydocs Forum: DarkForums Network: Clearnet Dark Web Details: A threat actor is selling over [-----] high-resolution scans and photos of guest identity documents allegedly obtained from a private source linked to Hotel Regina Isabella a high-end resort located in Ischia Italy. The dataset includes a wide variety of global ID types and document formats. Leaked data includes: 30K+ guest identity document scans Document types: Passports (EU US Middle East) Italian ID"
X Link 2025-08-05T15:26Z 158.1K followers, [----] engagements
"π¨ Simon Property Group has Fallen Victim to MEDUSA Ransomware π United States Industry: Real Estate / Retail Threat Actor: Unverified (Dark Web Listing) Network: Dark Web π§ A ransomware group has allegedly listed Simon Property Group as a victim of ransomware. The listing claims to include sensitive company data and employee information from the real estate investment trust (REIT) headquartered in Indianapolis Indiana. Simon Property Group owns and operates major U.S. retail and outlet centers including Premium Outlets and The Mills. https://twitter.com/i/web/status/1983565405743391027"
X Link 2025-10-29T16:03Z 158.4K followers, [----] engagements
"π¨ New Ransomware Claims Posted Today Anubis Trumbull County Benzona CoinbaseCartel Renesas Electronics DataCarry Camomilla Dragonforce Jack Levine Precision Compounding Embargo Everest Benchmark Electronics Inc Handala From Shield to Shame Incransom Kazu CT Dent Ltd Lynx Trucash Nightspire Ermat Grup Nova ANG BROTHERS (M&E) PTE. LTD. (P3) qilin Canvas Church Diesel Electric Kasapreko Khazzan Logistics Towerstream UniqueTech Engineering Rhysida SODISE http://www.toc.co.jp http://www.mylawcompany.com http://bennett.edu https://twitter.com/i/web/status/1997442252587831655"
X Link 2025-12-06T23:05Z 158.2K followers, [----] engagements
"π¨ Alleged Sale of Major Web3 Rewards Platform Database Affecting 467K Users"
X Link 2025-12-23T22:26Z 158K followers, [----] engagements
"π¨ Threat actor selling 340GB of data allegedly obtained from impacting French energy and construction sector entities including EDF Power Plants and multiple Eiffage and Bouygues-related projects advertised on a dark web forum. π France Industry: Energy/Construction Type: Data Leak Threat Actor: Angel_Batista Samples: Yes Major companies affected: - lectricit de France SA (93.7 GB) - Data from EDF Power Plant including CRUAS GRAVELINES BUGEY ST LAURENT DAMPIERRE and TRICASTIN - Eiffage S.A. (153 GB) - Eiffage Construction/Energie/Genie Civil/Immobilier/Rail Additional companies (full list"
X Link 2026-01-05T15:30Z 158.3K followers, [----] engagements
"Warren County Sheriffs Office has been claimed a victim to RansomHouse Ransomware"
X Link 2026-01-23T18:17Z 156.8K followers, [----] engagements
"CISA has added [--] vulnerabilities to the KEV Catalog CVE-2024-37079: Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability CVE-2025-68645: Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability CVE-2025-34026: Versa Concerto Improper Authentication Vulnerability CVE-2025-31125: Vite Vitejs Improper Access Control Vulnerability CVE-2025-54313: Prettier eslint-config-prettier Embedded Malicious Code Vulnerability https://darkwebinformer.com/cisa-kev-catalog/ https://darkwebinformer.com/cisa-kev-catalog/ https://darkwebinformer.com/cisa-kev-catalog/"
X Link 2026-01-23T19:52Z 156.5K followers, [----] engagements
"ShinyHunters Claims CarMax Inc. as a victim"
X Link 2026-01-24T00:45Z 157.9K followers, 38.8K engagements
"I am no longer posting on LinkedIn. A short time ago I was logged out of my account and after logging back in it is requiring me to verify my identity by providing a government-issued ID. With that being said. I only now post on the following socials: X Infosec Exchange Telegram Discord. My last known follower account was 12.8K. π«‘ https://twitter.com/i/web/status/2016170657571062030 https://twitter.com/i/web/status/2016170657571062030"
X Link 2026-01-27T15:25Z 156.7K followers, 21.5K engagements
"3000$ Bug Bounty Reward from Microsoft Forms: Reflected XSS Vulnerability Writeup: https://infosecwriteups.com/reflected-xss-leads-to-3-000-bug-bounty-rewards-from-microsoft-forms-efe34fc6b261 https://infosecwriteups.com/reflected-xss-leads-to-3-000-bug-bounty-rewards-from-microsoft-forms-efe34fc6b261"
X Link 2026-01-27T21:41Z 156.7K followers, 24K engagements
"Cl0p Ransomware Claims [--] More Victims Nextphaze Etto Australia The Hale Road MRA Group Podiatry WA RMW Group Ventnor Y Architecture Studio Roberts Designs Sky Excavations Whole IT"
X Link 2026-01-28T01:17Z 156.6K followers, [----] engagements
"ShinyHunters Claims Match Group Data Leak: 10M Hinge Match & OkCupid Records and Internal Documents Exposed (1.7GB)"
X Link 2026-01-28T02:44Z 157.3K followers, [----] engagements
"β Sorb claims to sell 897K Cuban student records from Ministry of Higher Education including ID cards political affiliation military details and parents' information"
X Link 2026-01-28T16:28Z 157.9K followers, [----] engagements
"Bumble Inc has been claimed a victim to ShinyHunters Files primarily from Google Drive and Slack [--] GB (Compressed)"
X Link 2026-01-28T20:37Z 158.4K followers, [----] engagements
"Leaking the phone number of any Google user ($5k bounty) This vulnerability was submitted to Google's VRP program and awarded a $5000 bounty. It has since been patched. Writeup: https://brutecat.com/articles/leaking-google-phones https://brutecat.com/articles/leaking-google-phones"
X Link 2026-01-28T21:38Z 156.7K followers, 97.3K engagements
"RAMP4u admin panel user list and messages allegedly up for sale after being seized yesterday by law enforcement"
X Link 2026-01-29T15:50Z 156.7K followers, 16.7K engagements
"Threat Actor "ally549" is Allegedly Selling Fresh [----] SSN+DOB+DL Fullz Data Covering USA UK and Canada with Over [---] Million Records"
X Link 2026-01-29T17:56Z 156.5K followers, 11.1K engagements
"SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551 CVE-2025-40552 CVE-2025-40553 CVE-2025-40554 CVSS: All [---] CVEs Published: January 28th [----] CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution which would allow an attacker to run commands on the host machine. This could be exploited without authentication. CVE-2025-40552: SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited would allow a"
X Link 2026-01-29T18:10Z 156.7K followers, [----] engagements
"Advisories: https://nvd.nist.gov/vuln/detail/CVE-2025-40554 https://nvd.nist.gov/vuln/detail/CVE-2025-40553 https://nvd.nist.gov/vuln/detail/CVE-2025-40552 https://nvd.nist.gov/vuln/detail/CVE-2025-40551 https://nvd.nist.gov/vuln/detail/CVE-2025-40554 https://nvd.nist.gov/vuln/detail/CVE-2025-40553 https://nvd.nist.gov/vuln/detail/CVE-2025-40552 https://nvd.nist.gov/vuln/detail/CVE-2025-40551"
X Link 2026-01-29T18:10Z 156.6K followers, [----] engagements
"Why Hackers Get Caught (Bad OPSEC)"
X Link 2026-01-29T18:35Z 157.3K followers, 10.1K engagements
"CVE-2026-1056: Snow Monkey Forms = 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal PoC/Exploit: CVSS: [---] CVE Published: January 28th [----] Advisory: https://github.com/advisories/GHSA-g5p3-f4cq-94v5 https://github.com/ch4r0nn/CVE-2026-1056-POC https://github.com/advisories/GHSA-g5p3-f4cq-94v5 https://github.com/ch4r0nn/CVE-2026-1056-POC"
X Link 2026-01-29T21:15Z 156.5K followers, [----] engagements
"A XSS vulnerability took control of BreachForums about an hour and a half ago. It has since been fixed. Credit: Nicotine"
X Link 2026-01-29T21:39Z 157.4K followers, 48.5K engagements
"β A threat actor known as "butcher" is auctioning [---] US credit cards (38 credit/62 debit) allegedly obtained via phishing with a starting bid of $800 and a flash price of $1200 claiming 85-95% validity"
X Link 2026-01-30T01:02Z 158.5K followers, [----] engagements
"John (Lick) launched a Discord Wumpus-themed token that spiked to roughly a $3 million market cap. Insiders quickly dumped their holdings collectively pocketing over $200k in profits. John rug pulled his community & then deleted his Telegram account https://solscan.io/account/GkkvqnXsiZTsYpX9vRikgRKMdPXauDTj3gt14yJAVgb2 https://solscan.io/account/GkkvqnXsiZTsYpX9vRikgRKMdPXauDTj3gt14yJAVgb2"
X Link 2026-01-30T17:37Z 158.3K followers, 28.7K engagements
"β GoodL7 PROOF targeted the website of Petroleum Authority of Brunei Darussalam"
X Link 2026-01-30T18:34Z 157.7K followers, [----] engagements
"β A threat actor has allegedly leaked data from Iberdrola a Spanish multinational energy company claiming [----] files were exfiltrated on May [--] [----] containing customer account details phone numbers DNI/NIF identification addresses IBAN numbers and service information. https://twitter.com/i/web/status/2017338728562242008 https://twitter.com/i/web/status/2017338728562242008"
X Link 2026-01-30T20:46Z 156.6K followers, [----] engagements
"β More malware source code"
X Link 2026-01-31T00:44Z 157.4K followers, 28.8K engagements
"Hearing a lot about Stopice.net having plate tracker images defaced and then the website being completely hacked all within the last [--] hours or so. I've attached images. This site is literally the weirdest fucking thing I've seen all year. This is some of the information I was able to gather. A lot of errors show up in the console when visiting the site the JS/CSS path is completely open among other things. It's definitely incredibly vulnerable. IP: 216.243.62.131 ASN: [-----] ASName: Wave Broadband Server: openresty cPanel: Webmail: /js/ /css/ Stop ICE Raids Alert Network: IP: 15.235.11.14"
X Link 2026-01-31T02:48Z 158.4K followers, 24.1K engagements
"Not sure if sensitive or not since some tokens/keys are fine to be in the frontend (think Cloudflare turnstile). My secret finder found a Google API Key in this Stopice.net site. I'm not a Google nerd obviously so maybe someone would know. If so. yikes. π€·β Hearing a lot about Stopice.net having plate tracker images defaced and then the website being completely hacked all within the last [--] hours or so. I've attached images. This site is literally the weirdest fucking thing I've seen all year. This is some of the information I https://t.co/0VvxGIX3Ih Hearing a lot about Stopice.net having"
X Link 2026-01-31T17:49Z 158.4K followers, 12.7K engagements
"The PoC CVE Explorer is coming along. There is obviously no way to verify almost 90K or so PoCs so I placed a disclaimer at the top. Also enriching with the details of the repo is kind of a pain. This is still likely available at the end of February at the earliest. No spot checks have been done yet either. https://twitter.com/i/web/status/2017666263745474919 https://twitter.com/i/web/status/2017666263745474919"
X Link 2026-01-31T18:28Z 157.4K followers, [----] engagements
"@IntCyberDigest sup my guy @_snagg"
X Link 2026-02-01T01:01Z 157.5K followers, 30.9K engagements
"CVE-2026-1281: Safe indicator check for Ivanti EPMM & CVE-2026-1340 related paths GitHub: https://github.com/Ashwesker/Ashwesker-CVE-2026-1281 https://github.com/Ashwesker/Ashwesker-CVE-2026-1281"
X Link 2026-02-01T21:13Z 156.6K followers, [----] engagements
"Polycom now by the name Poly Inc. has fallen victim to Everest Ransomware Allegedly [--] GB of data stolen Revenue: $1.73 Billion (FY 2021)"
X Link 2026-02-01T22:50Z 157.9K followers, [----] engagements
"Iron Mountain has been claimed a victim to Everest Ransomware Iron Mountain is a large publicly traded information management firm generating around $6.6 billion in annual revenue"
X Link 2026-02-02T00:24Z 156.8K followers, [----] engagements
"A threat actor is selling a hidden crypto contract checker tool built in Go for $15000 ($12000 for the first buyer) which scans EVM addresses across multiple networks including Ethereum BSC Polygon Arbitrum and Avalanche to identify contracts with hidden balances not detected by platforms like DeBank with lifetime updates and planned XMR Monero and Solana support. https://twitter.com/i/web/status/2018362829015781760 https://twitter.com/i/web/status/2018362829015781760"
X Link 2026-02-02T16:36Z 158.1K followers, 31.8K engagements
"AutoPentestX - Linux Automated Pentesting & Vulnerability Reporting Tool GitHub: https://github.com/Gowtham-Darkseid/AutoPentestX https://github.com/Gowtham-Darkseid/AutoPentestX"
X Link 2026-02-02T18:16Z 158.4K followers, 38.2K engagements
"rxerium-templates: Nuclei scripts created by @rxerium for zero days / actively exploited vulnerabilities. GitHub: Vouch. I have posted a lot of his repos in the past. https://github.com/rxerium/rxerium-templates https://github.com/rxerium/rxerium-templates"
X Link 2026-02-02T19:56Z 157.9K followers, [----] engagements
"It's not often I see an .onion to a hacktivist group but here we are. π Onion: http://zwziyr6hbbqmtm7x5peu4dxyrm6wqvw7sdulvcgwcs2yvbx77cjesaad.onion"
X Link 2026-02-02T21:56Z 156.6K followers, [----] engagements
"β A threat actor is selling a full database leak from HIMS University in Egypt containing [-----] records across multiple files. The exposed data includes student PII with plaintext passwords Fawry and Banque Misr payment transaction logs Mastercard/Banque Misr payment gateway API credentials and detailed staff bank account information. The asking price starts at $250 in Monero. https://twitter.com/i/web/status/2018712420252897719 https://twitter.com/i/web/status/2018712420252897719"
X Link 2026-02-03T15:45Z 157.3K followers, [----] engagements
"A threat actor has leaked a citizen database from the Dominican Republic containing [---] million SQL records and [---] million citizen photos. The exposed data includes cedula numbers names civil status dates of birth sex birthplace blood type and occupation"
X Link 2026-02-03T16:00Z 157.7K followers, [----] engagements
"Confidential military data from SEKISUI Aerospace Corporation a Tier [--] supplier for Boeing 737/787 programs and U.S. military contracts is allegedly being sold for $200000. The [--] GB package reportedly contains ITAR/export-controlled engineering drawings STEP and CATIA files bills of materials with Boeing part numbers tooling and fixture data and 3D assembly models tied to programs for Boeing Commercial Boeing Defense NASA Lockheed Martin and Northrop Grumman. https://twitter.com/i/web/status/2018719471364403300 https://twitter.com/i/web/status/2018719471364403300"
X Link 2026-02-03T16:13Z 158.5K followers, [----] engagements
"OpenClaw on FOFA: FOFA: FOFA Query: app="OpenClaw" [-----] results https://en.fofa.info/resultqbase64=YXBwPSJPcGVuQ2xhdyI%3D OpenClaw also known by Moltbot and ClawdBot recently patched a 1-Click RCE via Authentication Token Exfiltration From gatewayUrl CVSS: [---] Advisory: https://t.co/bDatxBUqfx Writeup: https://t.co/ohB3Zhw0fp All versions up to v2026.1.24-1 are vulnerable. Video: Ethiack https://t.co/DlzusBK2NG https://en.fofa.info/resultqbase64=YXBwPSJPcGVuQ2xhdyI%3D OpenClaw also known by Moltbot and ClawdBot recently patched a 1-Click RCE via Authentication Token Exfiltration From"
X Link 2026-02-03T17:29Z 157.9K followers, [----] engagements
"β Firewall and network admin panel access to a Chinese finance organization is being sold for $300. The listing claims root RCE plus shell access on a Linux-based firewall device. The seller a known initial access broker is accepting contact through Session"
X Link 2026-02-03T19:04Z 158.3K followers, [----] engagements
"CISA has added [--] vulnerabilities to the KEV Catalog CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability https://darkwebinformer.com/cisa-kev-catalog/ https://darkwebinformer.com/cisa-kev-catalog/"
X Link 2026-02-03T19:39Z 158K followers, [----] engagements
"CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability https://x.com/DarkWebInformer/status/2016936977430695962 SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551 CVE-2025-40552 CVE-2025-40553 CVE-2025-40554 CVSS: All [---] CVEs Published: January 28th [----] CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data https://t.co/sLpMXScxsC https://x.com/DarkWebInformer/status/2016936977430695962 SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551 CVE-2025-40552"
X Link 2026-02-03T19:40Z 157.9K followers, [----] engagements
"β Data from "Choisir le service public" the French government's official public sector job portal is allegedly being sold. The listing claims to contain records of [------] job seekers with proof screenshots showing candidate profiles including personal details emails phone numbers and application history. https://twitter.com/i/web/status/2018790474115613160 https://twitter.com/i/web/status/2018790474115613160"
X Link 2026-02-03T20:55Z 158.3K followers, [----] engagements
".cz BreachForums is at war with .bf BreachForums and looks like .cz got the .bf clearnet domain suspended. It's currently down. The small screenshot is small because it requires an account to sign in to look at the large snap but I don't have an account yet. It does look legit"
X Link 2026-02-04T01:01Z 157.3K followers, 24K engagements
"Apparently someone is logged into Jeffrey Epstein's Outlook account via Reddit. https://www.reddit.com/r/Epstein/comments/1qv3ue6/im_in_epstiens_outlook_what_should_i_look_for/ https://www.reddit.com/r/Epstein/comments/1qv1uo2/did_i_find_something/ Someone just logged into Epsteins Outlook account. The password was in the Epstein files. https://t.co/zmntv2QlrY https://www.reddit.com/r/Epstein/comments/1qv3ue6/im_in_epstiens_outlook_what_should_i_look_for/ https://www.reddit.com/r/Epstein/comments/1qv1uo2/did_i_find_something/ Someone just logged into Epsteins Outlook account. The password was"
X Link 2026-02-04T01:10Z 157.8K followers, 28.3K engagements
"A threat actor has posted three separate listings: China Union Pay: [---] million rows of deduplicated cardholder data allegedly from China UnionPay including phone numbers names national IDs provinces carrier info and dates of birth. Crypto Currency Bundle: A [---] GB compilation of [----] million records spanning dozens of major crypto platforms including Coinbase Binance KuCoin Poloniex Bitfinex and Paxful containing combo credentials email leads and phone-linked customer data. Hong Kong Stock Investment: [------] unique rows allegedly from KGI Asia's platform containing emails phone numbers stock"
X Link 2026-02-04T18:01Z 156.8K followers, [----] engagements
"Your "dark web monitoring" service needs your SSN name and personal details just to watch for leaks. Think about that. Dark Web Informer doesn't need any of that. Sign up with an email choose your tier and start seeing threat actor activity as it happens. That's it. http://darkwebinformer.com http://darkwebinformer.com"
X Link 2026-02-04T18:01Z 156.7K followers, [----] engagements
"Two French educational institutions allegedly breached. Lyce Notre-Dame des Dunes and Lyce Saint-Charles. The data has been posted freely for download. The group also claims to hold [--] TB of unreleased databases from across the French sector totaling [---] million records and is threatening further leaks. https://twitter.com/i/web/status/2019122243687547327 https://twitter.com/i/web/status/2019122243687547327"
X Link 2026-02-04T18:53Z 158.3K followers, [----] engagements
"Threat feed will be down for the next [--] minutes for an update. Will update once back up"
X Link 2026-02-04T19:36Z 156.7K followers, [----] engagements
"OK it's back up. There was a memory leak that should be resolved now. If the feed showed that it failed to load randomly that was the issue. I am monitoring and will adjust if needed. Threat feed will be down for the next [--] minutes for an update. Will update once back up. Threat feed will be down for the next [--] minutes for an update. Will update once back up"
X Link 2026-02-04T19:52Z 156.7K followers, [----] engagements
"A large collection of email-only crypto databases is being offered for sale covering U.S. and mixed geographies from [--------]. The actor is providing a list of available databases and samples with purchases handled via Telegram on a per-database basis"
X Link 2026-02-04T19:57Z 156.8K followers, [----] engagements
"TLDFinder: A streamlined tool for discovering private TLDs for security research. GitHub: TLD based DNS lookups (Passive) TLD based DNS lookups (Active) STD IN/OUT and TXT/JSON output https://github.com/projectdiscovery/tldfinder https://github.com/projectdiscovery/tldfinder"
X Link 2026-02-04T20:08Z 157.9K followers, [----] engagements
"PLAY Ransomware claims [--] victims Woodfield CBH Homes ISTS"
X Link 2026-02-04T20:39Z 156.5K followers, [----] engagements
"A data set for GiftOnCard a Serbia-based gift card platform is being sold with the seller claiming to still have active access. The leak includes [------] web user records with passwords [------] card registration entries and [---] million gift card records containing detailed cardholder PII transaction data and loyalty program information. https://twitter.com/i/web/status/2019151522915930436 https://twitter.com/i/web/status/2019151522915930436"
X Link 2026-02-04T20:50Z 156.7K followers, [----] engagements
"CVE-2026-25049: N8n AI Workflow Remote Code Execution "This vulnerability allows an attacker to execute arbitrary system commands through misconfigured or insecure AI workflow execution paths. When chained correctly it can lead to full server compromise depending on deployment configuration." https://twitter.com/i/web/status/2019159982940516686 https://twitter.com/i/web/status/2019159982940516686"
X Link 2026-02-04T21:23Z 156.7K followers, [----] engagements
"Video Credit: http://youtube.com/@SecureLayer7 http://youtube.com/@SecureLayer7"
X Link 2026-02-04T21:23Z 156.6K followers, [----] engagements
"Just a reminder I am no longer posting on LinkedIn see below. I currently only post on the following socials: X Infosec Exchange Telegram Discord. I am no longer posting on LinkedIn. A short time ago I was logged out of my account and after logging back in it is requiring me to verify my identity by providing a government-issued ID. With that being said. I only now post on the following socials: X Infosec Exchange https://t.co/uib5AuBe35 I am no longer posting on LinkedIn. A short time ago I was logged out of my account and after logging back in it is requiring me to verify my identity by"
X Link 2026-02-04T21:47Z 156.6K followers, [----] engagements
"A known initial access broker is selling firewall and network admin panel access to three government entities: Thailand Government-Owned Visa Program: Root RCE + shell access on a Linux firewall priced at $300. Palestinian Government Agency (Foreign Aid Portal): Same level of access on a Linux firewall priced at $400. Indonesian Government Land Authority: Root RCE + shell + network admin panel on a Linux firewall priced at $300. https://twitter.com/i/web/status/2019169038232944887 https://twitter.com/i/web/status/2019169038232944887"
X Link 2026-02-04T21:59Z 158.4K followers, 10.8K engagements
"Ransomware Attack Update - February 4th [----] https://darkwebinformer.com/ransomware-attack-update-february-4th-2026/ https://darkwebinformer.com/ransomware-attack-update-february-4th-2026/"
X Link 2026-02-04T22:21Z 156.7K followers, [----] engagements
"Threat Attack Update - February 4th [----] https://darkwebinformer.com/threat-attack-update-february-4th-2026/ https://darkwebinformer.com/threat-attack-update-february-4th-2026/"
X Link 2026-02-04T22:26Z 156.7K followers, [----] engagements
"Daily Dose of Dark Web Informer - February 4th [----] https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-4th-2026/ https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-4th-2026/"
X Link 2026-02-04T22:38Z 156.7K followers, [----] engagements
".cz BreachForums was briefly defaced by what looks like a XSS vuln in XenForo. XenForo is a popular forum platform that I have seen used by a lot of actors most of which I have identified in my Threat-Surface repo on GitHub. Credit to antisocial for sending the video"
X Link 2026-02-04T23:08Z 158.2K followers, 15.8K engagements
"Seems the war is far from over"
X Link 2026-02-04T23:08Z 157.3K followers, [----] engagements
"Guardia Civil Dismantled a Bank Mule Network in La Rioja Under Operation Vicentius Spain's Guardia Civil has identified [--] suspects linked to fraud money laundering and unauthorized access to computer systems. The group allegedly operated fake cryptocurrency investment platforms and used remote access software to drain victims' bank accounts and take out loans in their names causing an estimated [------] in total losses. Stolen funds were funneled to accounts in Denmark Lithuania the United Kingdom and China. The investigation remains ongoing as authorities work to trace and recover the money."
X Link 2026-02-05T15:04Z 156.7K followers, [----] engagements
"WordPress admin and shell access to a UK-based online shop is being auctioned. The store processes payments via Stripe iframe with roughly [---] orders across the last three months and a 70% unique order rate. The auction starts at $700 with a blitz price of $1500"
X Link 2026-02-05T15:30Z 157.9K followers, [----] engagements
"Incognito Market Owner "Pharaoh" Sentenced to [--] Years for Running $105M Dark Web Drug Empire Rui-Siang Lin a 24-year-old Taiwanese national who operated under the pseudonym "Pharaoh" was sentenced to [--] years in federal prison on February [--] [----] for running Incognito Market one of the largest dark web narcotics marketplaces ever created. The platform which operated from October [----] until its closure in March [----] facilitated over [------] drug transactions totaling more than $105 million in sales. Its inventory included over [----] kilograms each of cocaine and methamphetamine along with"
X Link 2026-02-05T16:30Z 158K followers, 22.3K engagements
"β Order data from Family Cinema a French movie theater chain is allegedly being sold totaling [------] orders from [-----] unique customers spanning [----] to [----]. The exposed records include emails phone numbers full addresses dates of birth IP addresses payment details and detailed ticket purchase history including film titles and showtime information. A 1000-line sample has been posted freely. https://twitter.com/i/web/status/2019463428323045804 https://twitter.com/i/web/status/2019463428323045804"
X Link 2026-02-05T17:29Z 156.7K followers, [----] engagements
"Two French organizations have allegedly been breached by the same threat actor: Fdration Franaise de la Randonne Pdestre: Data from [------] members of France's national hiking federation is for sale containing [------] unique emails and [------] unique phone numbers from [--------] license holders. CCAS Dunkerque: Records of [-----] individuals receiving social assistance from the Community Center for Social Action in Dunkerque including [-----] unique phone numbers and [-----] unique emails. The data includes family groupings and welfare recipient details."
X Link 2026-02-05T18:32Z 156.7K followers, [----] engagements
"@fbi__open__up He will serve [--] years of supervised release when he serves his prison sentence. "In addition to the prison term LIN [--] of Taiwan was sentenced to five years of supervised release and $105045109.67 in forfeiture." https://www.justice.gov/usao-sdny/pr/incognito-market-owner-sentenced-30-years-operating-one-worlds-largest-online https://www.justice.gov/usao-sdny/pr/incognito-market-owner-sentenced-30-years-operating-one-worlds-largest-online"
X Link 2026-02-05T18:38Z 156.5K followers, [---] engagements
"CISA has added two vulnerabilities to the KEV Catalog CVE-2026-24423: SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability: SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution. CVE-2025-11953: React Native Community CLI OS Command Injection Vulnerability: React Native Community CLI contains an OS command injection"
X Link 2026-02-05T20:27Z 156.7K followers, [----] engagements
"βLeakBase has been down for about two days now. The last two times the site went offline it remained down for a week or two. Theres no information on any new domains or updates and no recent news regarding the site. It is however hosted by the notorious Njalla"
X Link 2026-02-05T23:48Z 157.6K followers, [----] engagements
"A dataset of [-----] cryptocurrency leads is being sold for $5000 with only one copy available. The data allegedly collected from advertising campaigns includes [-----] unique phone numbers and [-----] unique emails spanning multiple countries including Australia UK Canada France and over [--] others. Records contain names contact details registration dates and country information. https://twitter.com/i/web/status/2019798289630081182 https://twitter.com/i/web/status/2019798289630081182"
X Link 2026-02-06T15:40Z 158.1K followers, [----] engagements
"Network access to a U.S. retail and supply chain management company with $1.5M+ in revenue is being sold for $12000. The listing claims SonicWall VPN RDP and SSH access with certificates to 6+ dev servers domain user privileges and database access across 8+ large databases (MSSQL Redis MySQL). The network allegedly spans 140+ stores across [--] states with approximately [----] endpoints [--] domain controllers and 12TB of data"
X Link 2026-02-06T18:37Z 157.9K followers, [----] engagements
"A set of [---] Canadian credit cards obtained via sniffing is being auctioned with a claimed 7595% validity rate. The data includes full card numbers CVVs expiration dates names addresses phone numbers emails and IPs. Card balances reportedly range from $300$600. The auction starts at $2000 with a blitz price of $6000. https://twitter.com/i/web/status/2019883611705733216 https://twitter.com/i/web/status/2019883611705733216"
X Link 2026-02-06T21:19Z 158.2K followers, [----] engagements
"Atlas Air has been claimed a victim to Everest Ransomware"
X Link 2026-02-06T22:57Z 157.9K followers, [----] engagements
"Approximately [--] minutes ago [----------] BTC ($181K) was transferred to Bitcoins genesis address effectively burning the funds β«π₯ https://blockstream.info/tx/a73335706adad5c400453fbc3c992f23cacf56b0ca964bc584f5f44ac7e0d412 https://intel.arkm.com/explorer/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa https://blockstream.info/tx/a73335706adad5c400453fbc3c992f23cacf56b0ca964bc584f5f44ac7e0d412 https://intel.arkm.com/explorer/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
X Link 2026-02-07T00:18Z 158.5K followers, 16.7K engagements
"Vouch: A contributor trust management system based on explicit vouches to participate. GitHub: https://github.com/mitchellh/vouch https://github.com/mitchellh/vouch"
X Link 2026-02-08T00:41Z 158.4K followers, [----] engagements
"An initial access broker is selling full control access to two separate targets for $300 each. A European private file host and the second is a private AI business communications infrastructure platform. Both listings claim Linux OS firewall device access and root RCE with shell and network admin panel permissions. https://twitter.com/i/web/status/2020557187672686914 https://twitter.com/i/web/status/2020557187672686914"
X Link 2026-02-08T17:55Z 158.1K followers, 10K engagements
"β Effective Feb 12th the @DarkWebIntelBot will be parked and will no longer provide intel. X released a pay-per-use API shortly after I made the below post and deprecated the free tier altogether. It's no longer worth maintaining. The @DarkWebIntelBot that uses the X API is going to go back to the free tier when this billing cycle is over. It is not worth the $200 a month and could be better used towards infrastructure. All the current alerts on that account will still flow but will likely be rate The @DarkWebIntelBot that uses the X API is going to go back to the free tier when this billing"
X Link 2026-02-08T20:22Z 158.3K followers, 15K engagements
"β A data set allegedly from casio.ru the Russian arm of Casio has been posted with over [--] million records. The data includes full names cities addresses phone numbers and country fields. Sample records show Russian citizens from cities including Tyumen Magnitogorsk Nizhny Tagil Ekaterinburg Chelyabinsk and Surgut. https://twitter.com/i/web/status/2021263319345045744 https://twitter.com/i/web/status/2021263319345045744"
X Link 2026-02-10T16:41Z 158.1K followers, [----] engagements
"XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Enables Identity Tampering and Unauthorized Access (CVE-2026-23687) https://darkwebinformer.com/xml-signature-wrapping-vulnerability-in-sap-netweaver-abap-allegedly-enables-identity-tampering-and-unauthorized-access-cve-2026-23687/ https://darkwebinformer.com/xml-signature-wrapping-vulnerability-in-sap-netweaver-abap-allegedly-enables-identity-tampering-and-unauthorized-access-cve-2026-23687/"
X Link 2026-02-10T17:52Z 158.1K followers, [----] engagements
"Cl0p Ransomware Claims [--] Victims ANS Tech Inc Hudson Executive IT Architects Proactive Medical Smith IP Services BE09 Broadreach Retail RBD Construction Che Hardy Gokall IT Hudson Sustainable OneSupport GiaSpace GiaCare Hyde Park UMC AIG Business The Perpetual Garner Group Spohn Associates CFDT Boyden https://twitter.com/i/web/status/2021290815964725684 https://twitter.com/i/web/status/2021290815964725684"
X Link 2026-02-10T18:30Z 158.4K followers, [----] engagements
"CISA has added [--] vulnerabilities to the KEV Catalog CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. CVE-2026-21510: Microsoft Windows Shell Protection Mechanism"
X Link 2026-02-10T18:52Z 158.4K followers, [----] engagements
"β RDP access with user rights to an Australian machinery and equipment company with $12M+ in revenue is being sold for $800. The listing notes Trend Micro antivirus is in place"
X Link 2026-02-10T21:12Z 158.4K followers, [----] engagements
"A U.S. military aerospace simulations and defense contractor is being sold for $400 with root RCE shell access and a hijacked admin panel session on a Linux firewall device"
X Link 2026-02-10T22:09Z 158.4K followers, [----] engagements
"2/3 Domain user access to an Australian retail company with $20M in revenue is being auctioned. The listing specifies Sophos VPN access. Auction starts at $1500 with a blitz price of $3000"
X Link 2026-02-11T16:27Z 158.4K followers, [----] engagements
"3/3 Domain admin access to a Swiss manufacturing company with $15M in revenue is being auctioned. The listing specifies Sophos VPN with Sophos antivirus. Auction starts at $1500 with a blitz price of $3000"
X Link 2026-02-11T16:27Z 158.4K followers, [----] engagements
"A data set allegedly from Zain Kuwait a major telecommunications provider has been posted for sale containing [-------] subscriber records totaling 11.3GB in JSON format. The breach is dated [----] and includes subscriber numbers owner names and associate names. Sample data shows Arabic-language subscriber records with phone numbers verification status and spam flags. The seller offers tiered pricing in Monero: [--] XMR for takedown [--] XMR for exclusive purchase with deletion [--] XMR for non-exclusive access or [--] XMR for the scraping exploit itself."
X Link 2026-02-11T16:41Z 158.4K followers, [----] engagements
"WordPress admin shell and database access to an international e-commerce store is being auctioned. The site has a $601.91 average order value with [---] orders in January (351 card [--] crypto) and [---] in February (109 card [--] crypto). A payment card redirect tap is in place with 100% unique orders. The auction starts at $1000 with a blitz price of $2500. https://twitter.com/i/web/status/2021637425286816189 https://twitter.com/i/web/status/2021637425286816189"
X Link 2026-02-11T17:28Z 158.4K followers, [----] engagements
"π¨ A threat actor is allegedly selling access and data from a Spain-based business association on a hacking forum. The listing allegedly includes: Foothold/access to internal office network Email credentials (6000+ contacts in address book) Employee email credentials Email marketing account (3000+ contacts) Cloud storage access Social media accounts Extracted member PII (name DNI/ID NIF address email phone business name IBAN etc.) The threat actor is asking for $1000. https://twitter.com/i/web/status/2021694529783382429 https://twitter.com/i/web/status/2021694529783382429"
X Link 2026-02-11T21:15Z 158.4K followers, [----] engagements
"Here is a longer video "explaining" what possibly occurred. I looked for about a hour or two online after positing the other video and was not able to find any information on this. YouTube launched in December [----] so uploading a video at that time wasn't a big thing. π€·β The [----] Hijacking of Playhouse Disney (now Disney Junior) A now-deleted YouTube channel called MickeyArchives004 uploaded a video in [----] claiming to show a hijacked episode of Mickey Mouse Clubhouse. https://t.co/Vin6HFdAIm The [----] Hijacking of Playhouse Disney (now Disney Junior) A now-deleted YouTube channel called"
X Link 2026-02-14T23:25Z 158.6K followers, [----] engagements
"βA threat actor is auctioning WordPress admin access with Stripe iframe to a UAE shop. Start: $5000 Blitz: $20000"
X Link 2026-02-13T22:37Z 158.6K followers, [----] engagements
"The [----] Hijacking of Playhouse Disney (now Disney Junior) A now-deleted YouTube channel called MickeyArchives004 uploaded a video in [----] claiming to show a hijacked episode of Mickey Mouse Clubhouse"
X Link 2026-02-14T20:00Z 158.6K followers, 16.1K engagements
"A threat actor claims to be auctioning [--] German drivers licenses (DL) allegedly including front and back scans along with associated social insurance numbers health insurance details and additional supporting documents in some cases. Start: $100 Bid: $50 Blitz: $350"
X Link 2026-02-15T00:29Z 158.6K followers, [----] engagements
"β RuskiNet defaced the website of Taboo Disco Club"
X Link 2026-01-27T20:23Z 158.6K followers, [----] engagements
"π¨ SLSH (Scattered LAPSUS$ ShinyHunters) is actively targeting 100+ enterprises via live phishing panels Targets include: Technology & Software: Atlassian AppLovin Canva Epic Games Genesys HubSpot RingCentral ZoomInfo Iron Mountain Fintech & Payments: Adyen Jack Henry Shift4 Payments SoFi Biotech & Pharma: Alnylam Amgen Arvinas Biogen Gilead Sciences Moderna Neurocrine Biosciences Financial Services / Banking: Apollo Global Mgmt Blackstone Cohen & Steers Frost Bank goeasy Ltd. Guild Mortgage Morningstar RBC Securian Financial State Street TPG Capital Real Estate (REITs & Investment): Avison"
X Link 2026-01-29T03:06Z 158.6K followers, 14.8K engagements
"β German motorcycle site allegedly breached including live MySQL access and full banking data offered for sale π Germany Type: Data Breach / Initial Access Threat actor: OpenBullet Records: 75394+ SEPA records [-----] bank transactions [----] PayPal orders Samples: Yes The dataset includes SEPA direct debits bank transactions dating back to [----] user bank accounts PayPal order records and payment method details. Email and hashed password data is also allegedly included. Data includes: Full customer IBANs BICs account holder names sender names bank account numbers (Kontonummer/BLZ) transaction"
X Link 2026-02-12T15:47Z 158.6K followers, [----] engagements
"β A threat actor claims to have leaked data from Navodaya Transport. The allegedly compromised dataset reportedly includes [------] records containing internal IDs location data timestamps distance and duration metrics and tracking identifiers"
X Link 2026-02-14T06:04Z 158.6K followers, [----] engagements
"A threat actor claims to be offering a database containing [--] million unverified Saudi Arabian phone numbers. The post advertises a sample of the data and states that the full dataset is available for download"
X Link 2026-02-14T23:41Z 158.6K followers, [----] engagements
"A threat actor claims to have leaked an all students dataset from North Kitsap School District a Washington State public school district. The post references an XLSX-formatted file and shares a sample allegedly containing student IDs first and last names dates of birth guardian names phone numbers email addresses physical addresses grade levels and geolocation-related details"
X Link 2026-02-15T01:49Z 158.6K followers, [----] engagements
"A threat actor claims to be auctioning access to [---] GitLab repositories reportedly under an owner-level account using a Java stack. The post references projects based in India within the astrology software niche. Start: $50 Step: $25 Blitz: $500"
X Link 2026-02-15T02:38Z 158.6K followers, [----] engagements
"Chris Titus Tech's Windows Utility: It is meant to streamline installs debloat with tweaks troubleshoot with config and fix Windows updates GitHub: https://github.com/ChrisTitusTech/winutil https://github.com/ChrisTitusTech/winutil"
X Link 2026-02-11T20:29Z 158.6K followers, [----] engagements
"YouTube appears to be down at least for some of us. π"
X Link 2026-02-11T20:41Z 158.6K followers, 13.5K engagements
"The Hackers Who Trolled The FBI (twice) On March 15th [----] the FBI led a coordinated takedown of BreachForums the largest data-leak forum on the internet after years of silently tracking its members from Diogo Santos Coelho's RaidForums to Pompompurin's reign and Baphomet's brief attempt to keep it alive. The operation unraveled a network of cybercriminals including ShinyHunters a group behind some of the biggest corporate breaches in history who had spent years openly trolling the FBI. https://twitter.com/i/web/status/2021985395081195767 https://twitter.com/i/web/status/2021985395081195767"
X Link 2026-02-12T16:30Z 158.6K followers, 10.4K engagements
"CISA has added [--] vulnerabilities to the KEV Catalog CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user. CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS macOS tvOS watchOS and visionOS contain an improper restriction of operations"
X Link 2026-02-12T18:51Z 158.6K followers, 15.6K engagements
"A threat actor is selling a data set of dinar.sa a Saudi investment platform containing approximately [----] investor records. Exposed data reportedly includes investor IDs full names emails phone numbers wallet balances national ID details dates of birth and legal registration information. https://twitter.com/i/web/status/2022346133029126452 https://twitter.com/i/web/status/2022346133029126452"
X Link 2026-02-13T16:24Z 158.6K followers, 20.3K engagements
"PLAY Ransomware Claims [--] Victims Lusamerica Foods HMA Unified Engineering UCG Associates Heartland Title Services"
X Link 2026-02-13T20:10Z 158.6K followers, [----] engagements
"The Hacker Who Outsmarted the FBI In the 1990s Kevin Mitnick became Americas most wanted hacker without ever unleashing a virus. Instead of malware he relied on manipulation confidence and a telephone to breach telecom companies major tech firms and even monitor the agents pursuing him. This is the story of a hacker who did not need code to gain access. He only needed your trust. https://twitter.com/i/web/status/2022412960270819770 https://twitter.com/i/web/status/2022412960270819770"
X Link 2026-02-13T20:49Z 158.6K followers, [----] engagements
"β A threat actor is auctioning WordPress shop/store admin access with credit card iframe injection. Claims: [---] total CC captures [---] in last [--] days Card rate: 100% GEO: US Form type: iframe Start: $800 Step: $150 Blitz: $2200"
X Link 2026-02-13T21:33Z 158.6K followers, [----] engagements
"A threat actor is selling 494GB of corporate data from Hansa Solutions (hansasolutions.com) an Indian insurance IT company from a network-wide breach in January [----]. Claims: 88GB Microsoft Exchange EDB - CEO & employee emails calendars contacts internal comms [--] servers (404GB) - Development and Operational/Internal All customer data & partner transaction history (MCIS Life ICICI Prudential SBI Life Bajaj Allianz Kotak Life etc.) Samples include internal Teams chats employee payslips and insurance policy records Price: $19000$25000 (XMR/BTC)"
X Link 2026-02-13T21:53Z 158.6K followers, [----] engagements
"A threat actor claims to have leaked an aggregated database containing over [--] billion records allegedly sourced from major Chinese organizations and datasets. The post references data attributed to Pinduoduo (14.5B records) JD.com (10B records) broader Chinese e-commerce datasets (8.15B records) YTO Express and ZTO Express (4.5B records) a 1.2B police database the Shanghai National Police (960M records) and a 960M citizens database. The dataset reportedly includes consumer logistics and registry information spanning multiple sectors across China."
X Link 2026-02-14T18:51Z 158.6K followers, [----] engagements
"A threat actor claims to be auctioning access to [--] GitLab repositories reportedly under an owner-level account using Unreal Engine [--] (UE5). The post references projects based in Vietnam within the game development niche. Start: $100 Step: $50 Blitz: $1000"
X Link 2026-02-15T04:37Z 158.6K followers, [----] engagements
"https://github.com/Miiden/EyeSpy https://github.com/Miiden/EyeSpy"
X Link 2024-05-21T17:14Z 158.6K followers, [----] engagements
"hackGPT: I leverage OpenAI and ChatGPT to do hackerish things Link: GitHub: https://github.com/NoDataFound/hackGPT http://hackGPT.com https://github.com/NoDataFound/hackGPT http://hackGPT.com"
X Link 2025-05-25T22:08Z 158.6K followers, 176.4K engagements
"There appears to be a massive outage going on. Twitch Discord Google Cloud Google Google Meet Google Nest CharacterAI Etsy Khan Academy Google Drive Google Maps Pokemon TCG Dialpad Mailchimp HighLevel Amazon Web Services OpenAI Cloudflare Anthropic Breezeline Dragon Ball State Farm Embark Studios Gmail Rocket League DoorDash Wells Fargo Marvel MLB TV Google Gemini Fortnite Spotify Shopify Snapchat Tekken Box Equifax Roll20 Cursor Looker Studio FuboTV IKEA reCAPTCHA GitLab Steam Clover POS Systems AMC Theatres NPM"
X Link 2025-06-12T18:21Z 158.6K followers, 777.2K engagements
"π¨π¨Archetyp Darknet Market the world's largest Darknet Market has been seized by law enforcement"
X Link 2025-06-16T09:25Z 158.6K followers, 169.5K engagements
"π¨Public Release of Rust-Based Loader (Tribute to Lumma) Category: Malware Threat Actor: DeWorm14 Forum: RAMP Network: Clearnet Dark Web Details: Actor shares a Rust + x64 assembly loader named ttl_loader written as a tribute to Lumma. Claims full EDR bypass compiled using modified Fortinet panel and tested stub. No encryption or injection modules included; a DHL-based C2 variant also exists. Attachment: ttl_loader.zip provided. https://twitter.com/i/web/status/1948796756260475083 https://twitter.com/i/web/status/1948796756260475083"
X Link 2025-07-25T17:25Z 158.6K followers, [----] engagements
"π¨D4RK 4RMY Ransomware Claims [--] New Victims Mizuha Financial Group Tsai Capital Onex Canada Asset Management Inc Magellan Financial Group Bridgewater Associates"
X Link 2025-08-07T16:42Z 158.6K followers, [----] engagements
"Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total Hybrid Analysis URLHaus Polyswarm Malshare Alien Vault Malpedia Malware Bazaar ThreatFox Triage InQuest VxExchange and IPInfo. GitHub: https://github.com/alexandreborges/malwoverview https://github.com/alexandreborges/malwoverview"
X Link 2025-08-23T21:14Z 158.6K followers, 34.2K engagements
"InstagramPrivSniffer: Views Instagram private account's media without login GitHub: https://github.com/obitouka/InstagramPrivSniffer https://github.com/obitouka/InstagramPrivSniffer"
X Link 2025-09-25T17:32Z 158.6K followers, 174.7K engagements
"iptv: Collection of publicly available IPTV channels from all over the world GitHub: Channels: (38065channel(s)) https://iptv-org.github.io/ https://github.com/iptv-org/iptv https://iptv-org.github.io/ https://github.com/iptv-org/iptv"
X Link 2025-11-17T22:37Z 158.6K followers, 309.9K engagements
"π¨Cl0p Ransomware Claims [--] Victims Al Jomaih Automotive Fruit of the Loom Frontrol Humana Oracle Abbott Laboratories Mazda MAS Holdings Canon Trane Technologies Grupo Bimbo Bechtel Este Lauder Companies Alshaya Group Fleetship Management Mazda USA Worley L&L Products University of Phoenix Treet Corporation Greater Cleveland RTA A10 Networks Envoy Broadcom Southern Illinois University Dooney & Bourke WellBiz Brands Michelin Sumitomo Chemical Greenball Corporation https://twitter.com/i/web/status/1991550211500421456 https://twitter.com/i/web/status/1991550211500421456"
X Link 2025-11-20T16:52Z 158.6K followers, 45.7K engagements
"π¨BreachForums is back again. Clearnet: breachforums.bf Dark Web: http://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion IP: 91.215.85.48 ASN: [------] Server: Apache/2.4.65 (Debian) IP: 45.134.26.22 ASN: [------] Server: Apache/2.4.65 (Debian)"
X Link 2025-12-14T16:10Z 158.6K followers, 95.3K engagements
"π¨ Alleged leak of CAF (Caisse dAllocations Familiales) Lines: [--------] Size: 15.3GB"
X Link 2025-12-18T00:31Z 158.6K followers, 76.3K engagements
"π¨ Pickett USA Engineering data dump for sale - [-----] GB of engineering data from major U.S. electricity utilities. Clients affected: Tampa Electric Company (TECO) Duke Energy Florida (DEF) American Electric Power (AEP) Data exposed (139.1 GB - [---] files): 800+ classified raw LiDAR point cloud files (.las format [---] MB to 2+ GB each) Transmission line corridors and substations coverage High resolution orthophotos (.ecw format up to [---] MB per project) MicroStation design files (.dgn) and PTC settings Vegetation feature files (up to [--] GB) Fixed price: [---] Bitcoin (BTC) or Monero (XMR)"
X Link 2026-01-01T21:39Z 158.6K followers, [----] engagements
"βThreat actor auctioning RDP access to an Italian manufacturing company π Italy Access Type: RDP Privileges: Domain User Hosts: [--] Threat Actor: Big-Bro Samples: No Auction Details: Start: $850 Step: $250 Flash/Blitz: $1500"
X Link 2026-01-09T00:25Z 158.5K followers, [----] engagements
"0APT Ransomware Claim [--] Victims π FutureTech AI Urban Outfitters Ltd π National Rail Network CryptoVault Exchange Elite Hospitality Group Noble Pharma π Rapid Courier Services π Global News Corp π Zenith Telecom π Visionary Architects π Titan Construction π Metro General Hospital Obsidian Tech Labs π Diamond Deep Drilling π Solaris Renewable Energy π Sapphire Jewelry π Pacific Ocean Cargo π IronClad Security π Emerald Agriculture π GreenValley Agriculture π Crimson Fashion House π Golden Chip Casino π EduTech Systems Silver City Bank π Unity Insurance π Blue Water"
X Link 2026-01-30T18:19Z 158.5K followers, [----] engagements
"Lol this site is so dumb. https://stopice.net/securitycamera.shtml Not sure if sensitive or not since some tokens/keys are fine to be in the frontend (think Cloudflare turnstile). My secret finder found a Google API Key in this Stopice.net site. I'm not a Google nerd obviously so maybe someone would know. If so. yikes. π€·β https://t.co/UveVTqjRVs https://stopice.net/securitycamera.shtml Not sure if sensitive or not since some tokens/keys are fine to be in the frontend (think Cloudflare turnstile). My secret finder found a Google API Key in this Stopice.net site. I'm not a Google nerd"
X Link 2026-01-31T19:19Z 158.5K followers, [----] engagements
"500 "validated" Fortinet VPN credentials collected from stealer logs are being auctioned with duplicates removed and validity confirmed via Tmchecker across multiple countries. The auction starts at $1500 with a flash price of $3000"
X Link 2026-02-04T16:01Z 158.5K followers, [----] engagements
"0APT has claimed [--] victims. Newly named as of Jan [--] the group is already calling out some MAJOR organizations. Possible scam group HCA Healthcare (UK Private Division) Vestas Wind Systems Edwards Lifesciences Keysight Technologies Hologic Galderma Sysmex Corporation Align Technology Snap-on Incorporated Varian Medical Systems Bruker BioSpin Teledyne Technologies Terumo Corporation Xylem Inc. bioMrieux Ingersoll Rand Masimo Halma PerkinElmer Zebra Technologies Andritz Group Prince Court Medical Hexagon AB Al-Futtaim Conglomerate Sandvik Coromant Teleflex ResMed Epworth Private Healthcare"
X Link 2026-02-04T17:03Z 158.6K followers, [----] engagements
"Threat Actor Claims Breach of Loxam Delivery Operations Offers 828K Records Spanning [--------] https://darkwebinformer.com/threat-actor-claims-breach-of-loxam-delivery-operations-offers-828k-records-spanning-2020-2026/ https://darkwebinformer.com/threat-actor-claims-breach-of-loxam-delivery-operations-offers-828k-records-spanning-2020-2026/"
X Link 2026-02-04T17:34Z 158.6K followers, [----] engagements
"139 TB of data No shot"
X Link 2026-02-04T20:27Z 158.6K followers, 180.3K engagements
"The IOC darkforums.io domain has been suspended. The new IOC domain is darkforums.me"
X Link 2026-02-04T22:01Z 158.6K followers, 23.7K engagements
"Access to a large EU-based Magento 2.4.7 sports shop is being auctioned with iframe card capture already in place. The site reportedly processed [-----] cards in December [------] in January and [-----] so far in February. The auction starts at $30000 with a blitz price of $50000. https://twitter.com/i/web/status/2019484377852571927 https://twitter.com/i/web/status/2019484377852571927"
X Link 2026-02-05T18:52Z 158.6K followers, [----] engagements
"Dutch authorities just seized one Windscribe VPN server without a warrant claiming they'll return it after they "fully analyze it." They say their real concern "is the unredacted Epstein files we had on there.""
X Link 2026-02-06T00:20Z 158.6K followers, 15.9K engagements
"π₯ Working on a new open source script that will be uploaded to GitHub sometime this month. It scans a base domain (example darkforums) across 224+ TLDs to find every registered variant. For each hit it pulls DNS records WHOIS registration data (registrar creation date registrant) TLS certificates and HTTP details including the page title. It flags newly registered domains suspicious TLDs parked pages and privacy-protected WHOIS. It outputs clickable terminal links auto-saves results to JSON with scan-over-scan diffing to catch new registrations. Python code with no APIs no dependencies no"
X Link 2026-02-06T17:24Z 158.5K followers, [----] engagements
"β A threat actor is auctioning domain admin access to a U.S. construction management company with an estimated revenue of $20 million. The listing specifies Fortinet VPN access with SentinelOne antivirus in place. The auction starts at $2000 with a $500 step and a blitz price of $4000. https://twitter.com/i/web/status/2020895111630979114 https://twitter.com/i/web/status/2020895111630979114"
X Link 2026-02-09T16:18Z 158.5K followers, [----] engagements
"French Insurance Company Maxance Allegedly Breached 348K Customer Records Leaked https://darkwebinformer.com/french-insurance-company-maxance-allegedly-breached-348k-customer-records-leaked/ https://darkwebinformer.com/french-insurance-company-maxance-allegedly-breached-348k-customer-records-leaked/"
X Link 2026-02-09T16:34Z 158.6K followers, [----] engagements
"Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Allegedly Exposes Thousands of Instances (CVE-2026-1731) https://darkwebinformer.com/critical-pre-auth-rce-vulnerability-in-beyondtrust-remote-support-pra-allegedly-exposes-thousands-of-instances-cve-2026-1731/ https://darkwebinformer.com/critical-pre-auth-rce-vulnerability-in-beyondtrust-remote-support-pra-allegedly-exposes-thousands-of-instances-cve-2026-1731/"
X Link 2026-02-10T17:08Z 158.5K followers, [----] engagements
"Access to the Colombian Government Emergency Response Agency is being sold for $300 with root RCE shell and network admin panel on a Linux firewall device"
X Link 2026-02-10T22:12Z 158.6K followers, 61.4K engagements
"Root RCE and full admin panel access to a Chinese agentic AI edge-as-a-service (EaaS) corporation is being sold for $200. The target runs Linux with firewall device access"
X Link 2026-02-10T22:13Z 158.6K followers, 10.8K engagements
"1/3 Domain admin access to a Moroccan manufacturing company with $20M in revenue is being auctioned. The listing specifies Sophos VPN with Trend Micro antivirus. Auction starts at $1500 with a blitz price of $3500"
X Link 2026-02-11T16:27Z 158.6K followers, [----] engagements
"CVE-2024-27564: OpenAI ChatGPT Server-Side Request Forgery PoC: Vulnerable Parameter : pictureproxy.phpurl=payload A vulnerability in pictureproxy.php allows remote attackers to perform arbitrary requests by injecting URLs into the url parameter. This SSRF vulnerability can be exploited without authentication. https://github.com/chsxthwik/CVE-2024-27564 https://github.com/chsxthwik/CVE-2024-27564"
X Link 2026-02-11T18:11Z 158.5K followers, [----] engagements
"Video Credit: Video Date: September 14th [----] http://youtube.com/@Quantum-Hacker http://youtube.com/@Quantum-Hacker"
X Link 2026-02-11T18:11Z 158.6K followers, [----] engagements
"I simplified the UI for the GitHub advisories. The additional details. CWE references timestamps etc are now available in the detail modal. It's not complete but it's getting there. π₯ GitHub Advisories which is currently only available to Elite subscribers got some performance updates today. I'm thinking it will be available at the end of February but I haven't decided on what tier. Faster loading and filtering - Searching sorting and switching https://t.co/3qSEmilOIt π₯ GitHub Advisories which is currently only available to Elite subscribers got some performance updates today. I'm thinking"
X Link 2026-02-11T18:30Z 158.6K followers, [----] engagements
"I made some changes to the Keyword Notifications which only works for new blog posts. It is streamlined to use the same notification setup as the threat feeds but applies to blog posts to not interfere. Be sure to setup browser notifications for the threat feeds separately"
X Link 2026-02-11T19:54Z 158.5K followers, [----] engagements
"PLAY Ransomware has added four new victims to its leak site: Northbridge A commercial real estate investment and development firm. Makivik The legal representative corporation for Inuit beneficiaries of the James Bay and Northern Quebec Agreement. Catalanatto & Barnes A certified public accounting and advisory firm. Altak A construction and industrial services company. http://altakinc.com http://bscatcpa.com http://makivik.org http://northbridgecre.com http://altakinc.com http://bscatcpa.com http://makivik.org http://northbridgecre.com"
X Link 2026-02-11T20:20Z 158.6K followers, [----] engagements
"$1000 Bug Bounty 2FA bypass due to CSRF misconfiguration POC on demo website Writeup: https://medium.com/@sharp488/2fa-bypass-on-private-bug-bounty-program-due-to-csrf-token-misconfiguration-5a9c82151a1 https://medium.com/@sharp488/2fa-bypass-on-private-bug-bounty-program-due-to-csrf-token-misconfiguration-5a9c82151a1"
X Link 2026-02-11T23:37Z 158.6K followers, 13.4K engagements
"β Brillen (operated by SuperVista AG) dataset allegedly leaked π Germany Type: Data Breach Threat actor: Meow Records: [-------] A forum post claims that Brillen a German eyewear retailer operated by SuperVista AG suffered a data breach in September [----] resulting in over [---] million rows of user data being compromised. The actor states the company fixed the vulnerability internally without making a public announcement. Data includes: First name last name email contact number DOB gender age street address postal code and city"
X Link 2026-02-12T15:31Z 158.6K followers, [----] engagements
"Odido Telecom Says Customer Data Compromised in Cyberattack The breach involves personal data from a customer contact system used by Odido. Approximately [---] million accounts are said to be affected. The intrusion was discovered several days ago. The following data was exposed according to Obido: Full name Address and city of residence Mobile number Customer number Email address IBAN (bank account number) Date of birth Identification details (passport or driver's license number and expiration date)"
X Link 2026-02-12T15:59Z 158.6K followers, [----] engagements
"Source links go to the vendor's decryptor page not direct downloads. If you know of a link to a guide/decryptor source that isn't listed/missing. Let me know and I will verify and add it"
X Link 2026-02-12T17:34Z 158.6K followers, [----] engagements
"New Forum: TierOne a/k/a T1erOne jprrin6bqe3flvtpyxkt4zsmzc3u6vvn7ahgtcbul224w3xn4h3gawid.onion t1eron3.vip Credit: @club31337"
X Link 2026-02-12T17:45Z 158.5K followers, 13K engagements
"Threat Attack Update - February 12th [----] https://darkwebinformer.com/threat-attack-update-february-12th-2026/ https://darkwebinformer.com/threat-attack-update-february-12th-2026/"
X Link 2026-02-12T23:14Z 158.6K followers, [----] engagements
"Email with the new design came broken will be fixed for tomorrow's email. View from the website instead"
X Link 2026-02-13T00:04Z 158.6K followers, [----] engagements
"I am no longer posting on Infosec Exchange or Telegram. Infosec Exchange was never really for me and Telegram has become difficult to manage with six channels. Its more manageable to focus on just two platforms (X and Discord) instead of having to follow up on [--]. It also makes things easier not having to copy and paste content across multiple socials. I will still be hiding on Telegram just not posting. I also do not have a username there. Other than that everything else remains the same when it comes to seeing posts on social media. http://darkwebinformer.com/socials"
X Link 2026-02-13T00:48Z 158.6K followers, [----] engagements
"ShinyHunters claims Figure Technology Solutions Inc. as a victim"
X Link 2026-02-13T01:30Z 158.6K followers, [----] engagements
"π¨176 transfers have been made from the Silk Road crypto wallet in the last [--] hours https://intel.arkm.com/explorer/entity/silk-road https://intel.arkm.com/explorer/entity/silk-road"
X Link 2025-12-10T00:14Z 158.6K followers, 316.3K engagements
"π§leaker: A leak discovery tool that returns valid credential leaks for emails using passive online sources. GitHub: Nice password examples π https://github.com/vflame6/leaker https://github.com/vflame6/leaker"
X Link 2026-01-12T19:29Z 158.6K followers, 120.2K engagements
"In October [----] a critical server-side flaw in Instagram made it possible for unauthenticated attackers to view private photos and captions without needing to log in or to follow the account. Instagram silently patched the vulnerability. Heres how the PoC worked"
X Link 2026-01-26T15:50Z 158.6K followers, 28.9K engagements
"CVE-2026-24061: Telnet RCE Exploit GitHub: This script exploits the CVE-2026-24061 vulnerability in Telnet servers using a malformed USER environment variable. CVSS: [---] Usage: python telnet_rce.py host -p port Arguments: host: Target IP address or hostname (required) -p --port: Target port (default: 23) Example: python telnet_rce.py 192.168.1.100 python telnet_rce.py -p [--] http://example.com https://github.com/SafeBreach-Labs/CVE-2026-24061 http://example.com https://github.com/SafeBreach-Labs/CVE-2026-24061"
X Link 2026-01-27T00:05Z 158.6K followers, 46.6K engagements
"β SSL/TLS certificates allegedly belonging to France's Ministry of the Interior and National French Police are being offered for sale. The leak includes [--] files in certificate formats (.crl .der .cer .pem .crt .xml) with the seller indicating additional certificates are available for purchase. https://twitter.com/i/web/status/2019500094383616298 https://twitter.com/i/web/status/2019500094383616298"
X Link 2026-02-05T19:55Z 158.6K followers, 12.3K engagements
"Webmail credentials for the Argentine Air Force (Fuerza Area Argentina) have been posted freely with screenshots showing access to internal email accounts at webcorreo.faa.mil.ar. The proof includes views of official correspondence personnel documents judicial records and internal communications referencing brigade operations union matters and personnel evaluations. https://twitter.com/i/web/status/2019802419891204119 https://twitter.com/i/web/status/2019802419891204119"
X Link 2026-02-06T15:56Z 158.6K followers, [----] engagements
"CVE-2025-1974: Kubernetes IngressNightmare Vulnerability CVSS: [---] PoC: PoC Published: March 26th [----] https://github.com/hakaioffsec/IngressNightmare-PoC https://github.com/hakaioffsec/IngressNightmare-PoC"
X Link 2026-02-10T00:49Z 158.6K followers, 15.7K engagements
"β A data set allegedly from Inter Rapidsimo described as Colombia's largest cargo and courier company has been posted with [------] customer records. The dump is dated February [----] and includes user IDs names passwords phone numbers emails addresses authentication data API tokens location IDs registration numbers and internal platform settings. http://interrapidisimo.com http://interrapidisimo.com"
X Link 2026-02-10T15:20Z 158.6K followers, 62.3K engagements
"Domain user access to a Saudi Arabian airports and air services transportation company with $650K+ in revenue is being auctioned. The listing claims RDWEB access [--] domain controllers [----] domain computers a publicly traded company (stock symbol noted) and Micro Trend antivirus. Auction starts at $3500 with a blitz price of $4500. https://twitter.com/i/web/status/2021265154281804055 https://twitter.com/i/web/status/2021265154281804055"
X Link 2026-02-10T16:49Z 158.6K followers, [----] engagements
"Access to Peru's capital regional government portal is being sold for $200 with root RCE shell and network admin panel on a Linux firewall device"
X Link 2026-02-10T22:13Z 158.6K followers, [----] engagements
"β BD Anonymous targeted the website of Tel Aviv University"
X Link 2026-02-11T21:26Z 158.6K followers, [----] engagements
"Video Credit: http://youtube.com/@ByPandemonium http://youtube.com/@ByPandemonium"
X Link 2026-02-12T16:31Z 158.6K followers, [----] engagements
"π₯ Ransomware Decryptor Database: A free searchable database of 150+ ransomware decryption tools. Search by name file extension or vendor. Mostly sourced from the No More Ransom Project. https://darkwebinformer.com/ransomware-decryptor-database/ https://darkwebinformer.com/ransomware-decryptor-database/"
X Link 2026-02-12T17:34Z 158.6K followers, [----] engagements
"And so another chapter begins. A forum thread advertising Qilin RaaS activity alongside Cry0 has been spotted. The post openly recruits affiliates and outlines ransomware capabilities including selective encryption modes and shadow copy removal. https://t.co/RN1k1G0VfB A forum thread advertising Qilin RaaS activity alongside Cry0 has been spotted. The post openly recruits affiliates and outlines ransomware capabilities including selective encryption modes and shadow copy removal. https://t.co/RN1k1G0VfB"
X Link 2026-02-12T17:59Z 158.6K followers, [----] engagements
"CISA added one more vulnerability to the KEV Catalog today. CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. CISA has added [--] vulnerabilities to the KEV Catalog CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater contains a download of code without integrity check vulnerability that could allow an attacker to"
X Link 2026-02-12T20:40Z 158.6K followers, [----] engagements
"Ransomware Attack Update - February 12th [----] https://darkwebinformer.com/ransomware-attack-update-february-12th-2026/ https://darkwebinformer.com/ransomware-attack-update-february-12th-2026/"
X Link 2026-02-12T22:33Z 158.6K followers, [----] engagements
"A threat actor is selling an alleged critical severity OpenSea 0-day exploit chain for $100000 USD (BTC/XMR). The threat actor claims the exploit affects OpenSea's Seaport order validation logic on Ethereum Main Net Polygon and Blast enabling forced transfer of high-value NFTs at [--] ETH bypassing listing approvals and working on both active and inactive listings. The seller claims the vulnerability is unpatched and undisclosed. https://twitter.com/i/web/status/2022081741196869905 https://twitter.com/i/web/status/2022081741196869905"
X Link 2026-02-12T22:53Z 158.6K followers, 92.6K engagements
"Daily Dose of Dark Web Informer - February 12th [----] https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-12th-2026/ https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-12th-2026/"
X Link 2026-02-12T23:57Z 158.6K followers, [----] engagements
"RAMP Forum = TierOne Forum"
X Link 2026-02-13T16:36Z 158.6K followers, [----] engagements
"The Gentlemen Claim [--] Victims Gruppo Avanti LSA International Future Bath White Beach Hotel Smart Glass Nile Air City of New Castle Yash Highvoltage Insulators Pvt Ltd"
X Link 2026-02-13T17:50Z 158.6K followers, [----] engagements
"Zen-AI-Pentest: An Open-Source AI-Powered Penetration Testing Framework Worth Watching https://darkwebinformer.com/zen-ai-pentest-an-open-source-ai-powered-penetration-testing-framework-worth-watching/ https://darkwebinformer.com/zen-ai-pentest-an-open-source-ai-powered-penetration-testing-framework-worth-watching/"
X Link 2026-02-13T18:28Z 158.6K followers, [----] engagements
"Thalha Jubair [--] and Owen Flowers [--] the two teenagers allegedly tied to Scattered Spider and behind the 39m cyber-attack on Transport for London are kept behind bars as their trial date is confirmed for June 8th [----]. https://www.dailymail.co.uk/news/article-15557187/Teenagers-accused-39m-cyber-attack-Transport-London-trial-date.html https://www.dailymail.co.uk/news/article-15557187/Teenagers-accused-39m-cyber-attack-Transport-London-trial-date.html"
X Link 2026-02-13T20:39Z 158.6K followers, [----] engagements
"The Archaeological Institute of America (archaeological.org) the oldest and largest archaeological organization in North America has been claimed a victim to INTERLOCK Ransomware. Claims: [---] GB of data - [------] files across [-----] folders Includes Archive (121.1GB) QuickBooks (5.4GB) Workgroup (547.8GB) and test (175.1GB) directories https://twitter.com/i/web/status/2022431884060279046 https://twitter.com/i/web/status/2022431884060279046"
X Link 2026-02-13T22:05Z 158.6K followers, [----] engagements
"CISA has added one vulnerability to the KEV Catalog CVE-2026-1731: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise including unauthorized access data exfiltration and service disruption"
X Link 2026-02-14T00:36Z 158.6K followers, [----] engagements
"A threat actor claims to have leaked data from Noel Gifts International Ltd a corporate gifting company. The alleged compromised dataset contains [-----] customer records [-----] cloud storage files including customer IDs company names contact persons phone numbers email addresses delivery addresses assigned sales representatives credit limits and payment terms. https://twitter.com/i/web/status/2022511112718086631 https://twitter.com/i/web/status/2022511112718086631"
X Link 2026-02-14T03:20Z 158.6K followers, [----] engagements
"A threat actor claims to have leaked data from Free. The exposed dataset reportedly contains [----] million customer records including internal user IDs login numbers email addresses account status details full names and postal addresses"
X Link 2026-02-14T05:21Z 158.6K followers, 20.1K engagements
"β A threat actor claims to be selling access to Inmobiliaria Ras Baixas for $50"
X Link 2026-02-14T16:03Z 158.6K followers, [----] engagements
"Pangolin: The Self-Hosted Tunneled Reverse Proxy That's Quietly Replacing Cloudflare Tunnels https://darkwebinformer.com/pangolin-the-self-hosted-tunneled-reverse-proxy-thats-quietly-replacing-cloudflare-tunnels/ https://darkwebinformer.com/pangolin-the-self-hosted-tunneled-reverse-proxy-thats-quietly-replacing-cloudflare-tunnels/"
X Link 2026-02-14T17:09Z 158.6K followers, [----] engagements
"A threat actor claims to have leaked [----] GB of data from Prefeitura de Fortaleza the municipal government of Fortaleza Brazil. The allegedly compromised dataset reportedly includes record IDs user IDs names email addresses phone numbers and state information"
X Link 2026-02-14T17:54Z 158.6K followers, [----] engagements
"A threat actor claims to be selling data from Immovalie a France-based real estate agency. The allegedly compromised dataset reportedly includes company database files such as internal documents logs XML files PDFs and other business-related records"
X Link 2026-02-14T20:24Z 158.6K followers, [----] engagements
"Canada Goose has been claimed a victim to ShinyHunters"
X Link 2026-02-14T20:40Z 158.6K followers, 10.8K engagements
"A threat actor claims to be selling [---] million records from the French Athletics Federation Frances national athletics governing body. The allegedly compromised dataset reportedly includes [-------] unique email addresses and [------] unique phone numbers along with associated names phone numbers email addresses physical addresses and additional member information"
X Link 2026-02-14T21:01Z 158.6K followers, [----] engagements
"A threat actor claims to have leaked [----] records from ITTell an IT services provider. The allegedly compromised dataset reportedly includes full names phone numbers addresses last communication details and additional information. The data was reportedly breached on [--] September 2025"
X Link 2026-02-14T21:24Z 158.6K followers, [----] engagements
"A threat actor claims to be selling full administrative access to a Canada-based WordPress website including complete admin panel privileges and access to installed plugins"
X Link 2026-02-14T21:52Z 158.6K followers, [----] engagements
"A threat actor claims to be selling unauthorized FortiVPN and RDP access to a U.S.-based human resources organization. The advertised access reportedly includes local administrator and domain user privileges as well as connectivity to two domain controllers"
X Link 2026-02-14T22:25Z 158.6K followers, [----] engagements
"ClawBands: A Security Middleware That Puts Human-in-the-Loop Controls on OpenClaw AI Agents https://darkwebinformer.com/clawbands-a-security-middleware-that-puts-human-in-the-loop-controls-on-openclaw-ai-agents/ https://darkwebinformer.com/clawbands-a-security-middleware-that-puts-human-in-the-loop-controls-on-openclaw-ai-agents/"
X Link 2026-02-14T22:44Z 158.6K followers, [----] engagements
"A threat actor claims to have gained administrator access to grancabot.es a Spain-based website stating they were able to export the entire site and its contact database and upload a remote code execution (RCE) file. The actor alleges the access does not include root privileges but claims escalation is possible and further states that up to [--] additional websites hosted on the same server were identified"
X Link 2026-02-14T23:09Z 158.6K followers, [----] engagements
"Refloow Geo Forensics: A high-performance open-source digital forensics tool designed for investigators OSINT practitioners and security analysts. GitHub: https://github.com/Refloow/Refloow-Geo-Forensics https://github.com/Refloow/Refloow-Geo-Forensics"
X Link 2026-02-15T00:01Z 158.6K followers, [----] engagements
"A threat actor claims to be offering a dataset containing [----] records related to the Retired Officials Association of Bank of Baroda Zone Jaipur tied to Bank of Baroda an Indian public sector bank. The post states the data is from [----] and provided in CSV format allegedly including membership numbers primary member names phone numbers email addresses and city and region details. https://twitter.com/i/web/status/2022823672130744458 https://twitter.com/i/web/status/2022823672130744458"
X Link 2026-02-15T00:02Z 158.6K followers, [----] engagements
"A threat actor claims to have leaked a database from MadMonkeyHostels.com a Southeast Asiabased hostel operator. The post alleges the breach occurred in February [----] and states that approximately [-----] customer records were exposed. The advertised dataset reportedly includes customer IDs email addresses MAD level details Firebase user IDs last sign-in dates weekly activity timestamps and login count metrics"
X Link 2026-02-15T00:49Z 158.6K followers, [----] engagements
"A threat actor claims to have leaked data from Ornikar a French online driving school platform. The allegedly compromised dataset reportedly contains [---] million records including internal user IDs email addresses first and last names dates of birth and phone numbers. This company was previously reported as breached in October 2024"
X Link 2026-02-15T01:14Z 158.6K followers, [----] engagements
Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing