# @DarkWebInformer Dark Web Informer

Several major cybersecurity incidents have been reported recently. A significant data breach allegedly involving [---] billion Discord messages from [--] million users has been claimed, and various companies, including Comcast, Boyd Gaming Corporation, and Stellantis, have confirmed data breaches or cybersecurity incidents. Additionally, law enforcement has seized several dark web marketplaces, including Archetyp and Tradeogre.

### Engagements: [-------]

- [--] Week [-------] -52%
- [--] Month [---------] -0.98%
- [--] Months [----------] +30%
- [--] Year [----------] -32%

### Mentions: [--]

- [--] Week [---] -41%
- [--] Month [---] +37%
- [--] Months [-----] +50%
- [--] Year [-----] -3.70%

### Followers: [-------]

- [--] Week [-------] +1.10%
- [--] Month [-------] +6.30%
- [--] Months [-------] +25%
- [--] Year [-------] +69%

### CreatorRank: [------]

### Social Influence

**Social category influence** [stocks](/list/stocks) 12.83%, [technology brands](/list/technology-brands) 12.83%, [countries](/list/countries) 11.23%, [finance](/list/finance) 6.95%, [social networks](/list/social-networks) 6.95%, [cryptocurrencies](/list/cryptocurrencies) #1012, [celebrities](/list/celebrities) 1.07%, [exchanges](/list/exchanges) 1.07%, [fashion brands](/list/fashion-brands) 0.53%, [travel destinations](/list/travel-destinations) 0.53%

**Social topic influence** [data](/topic/data) #737, [telegram](/topic/telegram) 4.28%, [shell](/topic/shell) #261, [ai](/topic/ai) 3.74%, [discord](/topic/discord) #3311, [in the](/topic/in-the) 3.21%, [crypto](/topic/crypto) #3103, [law enforcement](/topic/law-enforcement) 2.14%, [$googl](/topic/$googl) 2.14%, [ip](/topic/ip) #724

**Top accounts mentioned or mentioned by**
[@noo_idcard](/creator/undefined) [@lakle1308](/creator/undefined) [@grok](/creator/undefined) [@zachxbt](/creator/undefined) [@abusech](/creator/undefined) [@intcyberdigest](/creator/undefined) [@snagg](/creator/undefined) [@rxerium](/creator/undefined) [@securelayer7](/creator/undefined) [@fbiopenup](/creator/undefined) [@okta](/creator/undefined) [@bleepingcomputer](/creator/undefined) [@bypandemonium](/creator/undefined) [@club31337](/creator/undefined) [@darkwebintelbot](/creator/undefined) [@quantumhacker](/creator/undefined) [@sharp4882fabypassonprivatebugbountyprogramduetocsrftokenmisconfiguration5a9c82151a1](/creator/undefined) [@alfonsojgr](/creator/undefined) [@tmppbr](/creator/undefined) [@elingen73113720](/creator/undefined)

**Top assets mentioned** [Alphabet Inc Class A (GOOGL)](/topic/$googl) [Microsoft Corp. (MSFT)](/topic/microsoft) [Coinbase Global Inc. (COIN)](/topic/coinbase) [Ethereum (ETH)](/topic/ethereum) [PolySwarm (NCT)](/topic/polyswarm) [CarMax, Inc (KMX)](/topic/carmax-inc) [Bumble Inc. (BMBL)](/topic/bumble-inc) [Flex Ltd. Ordinary Shares (FLEX)](/topic/$flex) [SolarWinds Corporation Common Stock (SWI)](/topic/$swi) [Noble Corporation (NE)](/topic/$ne)

### Top Social Posts

Top posts by engagements in the last [--] hours

"🚨Public Release of Rust-Based Loader (Tribute to Lumma) Category: Malware Threat Actor: DeWorm14 Forum: RAMP Network: Clearnet Dark Web Details: Actor shares a Rust + x64 assembly loader named ttl_loader written as a tribute to Lumma. Claims full EDR bypass compiled using modified Fortinet panel and tested stub. No encryption or injection modules included; a DHL-based C2 variant also exists. Attachment: ttl_loader.zip provided. https://twitter.com/i/web/status/1948796756260475083" [X Link](https://x.com/DarkWebInformer/status/1948796756260475083) 2025-07-25T17:25Z 156.7K followers, [----] engagements

"mydocs has posted the following claims in just [--] days.
Best Western Hotel Hotel Ercolini e Savi Hotel Sanpi Milano Mediolanum Hotel Leonardo Hotels Savoia resort Astoria Suite Hotel Hotel Continentale Hotel Ca dei Conti Casa Dorita Hotel Regina Isabella Portals Hills Boutique Hotel https://twitter.com/i/web/status/1955778859955085673" [X Link](https://x.com/DarkWebInformer/status/1955778859955085673) 2025-08-13T23:49Z 157.9K followers, [----] engagements

"Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total Hybrid Analysis URLHaus Polyswarm Malshare Alien Vault Malpedia Malware Bazaar ThreatFox Triage InQuest VxExchange and IPInfo. GitHub: https://github.com/alexandreborges/malwoverview" [X Link](https://x.com/DarkWebInformer/status/1959363732749873543) 2025-08-23T21:14Z 157.9K followers, 34.2K engagements

"🚨 Simon Property Group has Fallen Victim to MEDUSA Ransomware United States Industry: Real Estate / Retail Threat Actor: Unverified (Dark Web Listing) Network: Dark Web A ransomware group has allegedly listed Simon Property Group as a victim of ransomware. The listing claims to include sensitive company data and employee information from the real estate investment trust (REIT) headquartered in Indianapolis Indiana. Simon Property Group owns and operates major U.S. retail and outlet centers including Premium Outlets and The Mills. https://twitter.com/i/web/status/1983565405743391027" [X Link](https://x.com/DarkWebInformer/status/1983565405743391027) 2025-10-29T16:03Z 156.7K followers, [----] engagements

"🚨 New Ransomware Claims Posted Today Anubis Trumbull County Benzona CoinbaseCartel Renesas Electronics DataCarry Camomilla Dragonforce Jack Levine Precision Compounding Embargo Everest Benchmark Electronics Inc Handala From Shield to Shame Incransom Kazu CT Dent Ltd Lynx Trucash Nightspire Ermat Grup Nova ANG BROTHERS (M&E) PTE. LTD.
(P3) qilin Canvas Church Diesel Electric Kasapreko Khazzan Logistics Towerstream UniqueTech Engineering Rhysida SODISE http://www.toc.co.jp http://www.mylawcompany.com http://bennett.edu http://lso.com http://platinumone.in http://www.toc.co.jp" [X Link](https://x.com/DarkWebInformer/status/1997442252587831655) 2025-12-06T23:05Z 157.9K followers, [----] engagements

"🚨 Threat actor selling 340GB of data allegedly obtained from impacting French energy and construction sector entities including EDF Power Plants and multiple Eiffage and Bouygues-related projects advertised on a dark web forum. France Industry: Energy/Construction Type: Data Leak Threat Actor: Angel_Batista Samples: Yes Major companies affected: - Électricité de France SA (93.7 GB) - Data from EDF Power Plant including CRUAS GRAVELINES BUGEY ST LAURENT DAMPIERRE and TRICASTIN - Eiffage S.A. (153 GB) - Eiffage Construction/Energie/Genie Civil/Immobilier/Rail Additional companies (full list" [X Link](https://x.com/DarkWebInformer/status/2008199448082423927) 2026-01-05T15:30Z 157.9K followers, [----] engagements

"KPMG has been claimed a victim to Nova Ransomware" [X Link](https://x.com/DarkWebInformer/status/2014759725699662076) 2026-01-23T17:58Z 156.2K followers, 26.2K engagements

"Warren County Sheriff's Office has been claimed a victim to RansomHouse Ransomware" [X Link](https://x.com/DarkWebInformer/status/2014764376297795619) 2026-01-23T18:17Z 156.8K followers, [----] engagements

"CISA has added [--] vulnerabilities to the KEV Catalog CVE-2024-37079: Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability CVE-2025-68645: Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability CVE-2025-34026: Versa Concerto Improper Authentication Vulnerability CVE-2025-31125: Vite Vitejs Improper Access Control Vulnerability CVE-2025-54313: Prettier eslint-config-prettier Embedded Malicious Code Vulnerability https://darkwebinformer.com/cisa-kev-catalog/
" [X Link](https://x.com/DarkWebInformer/status/2014788225324232884) 2026-01-23T19:52Z 156.5K followers, [----] engagements

"Video Darknet Bible: The Ultimate OpSec Guide "Stephen Sims joins David Bombal to discuss Operational Security (OpSec) through the lens of the "Darknet Marketplace Bible" (DNM Bible). While this document is originally designed to help criminals evade law enforcement while buying illegal goods Stephen argues it is an excellent resource for cybersecurity professionals journalists and privacy advocates to learn high-level anonymity and encryption techniques." https://www.youtube.com/watch?v=cYVOe7k1N7w" [X Link](https://x.com/DarkWebInformer/status/2014821631030337727) 2026-01-23T22:04Z 156.3K followers, [----] engagements

"ShinyHunters Claims CarMax Inc. as a victim" [X Link](https://x.com/DarkWebInformer/status/2014862052670550082) 2026-01-24T00:45Z 157.9K followers, 38.8K engagements

"Clawdbot: A personal AI assistant you run on your own devices. GitHub: Clawdbot answers you on the channels you already use (WhatsApp Telegram Slack Discord Google Chat Signal iMessage Microsoft Teams WebChat) plus extension channels like BlueBubbles Matrix Zalo and Zalo Personal. It can speak and listen on macOS/iOS/Android and can render a live Canvas you control. https://github.com/clawdbot/clawdbot" [X Link](https://x.com/DarkWebInformer/status/2015242730423693682) 2026-01-25T01:58Z 156.2K followers, [----] engagements

"A data set tied to Ledger users is being sold on a cybercrime forum with the seller claiming [----] records. Sample entries shared in the thread list Australia as the country.
The leak is being presented as newly exposed Ledger customer information" [X Link](https://x.com/DarkWebInformer/status/2015574104712048959) 2026-01-25T23:54Z 156.2K followers, 63.6K engagements

"Dread has been down for a while. It is a technical issue related to the load balancer crashing. Will update if any other information comes forward" [X Link](https://x.com/DarkWebInformer/status/2015871171519005182) 2026-01-26T19:35Z 156.2K followers, [----] engagements

"The DOJ recently added an Akamai captcha to its press release site which caused my original script to stop working. It was easily bypassed as you can see. However instead of using specific keywords to catch cyber related articles I decided to have it send all articles to X and Telegram so nothing is missed. So if something comes from the DOJ that is not cyber related now you know why. 🚨 DOJ Press Release Date: 26/01/2026 Title: Former NATO Official and Turkish Defense Contractor Indicted for Bribery Scheme Related to Military Contracts https://t.co/WMkbwSfz0q 🚨 DOJ Press Release Date:" [X Link](https://x.com/DarkWebInformer/status/2015907230231757282) 2026-01-26T21:58Z 156.2K followers, [----] engagements

"CISA has added [--] vulnerabilities to the KEV Catalog CVE-2018-14634: Linux Kernel Integer Overflow Vulnerability CVE-2025-52691: SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability CVE-2026-23760: SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability CVE-2026-24061: GNU InetUtils Argument Injection Vulnerability CVE-2026-21509: Microsoft Office Security Feature Bypass Vulnerability https://darkwebinformer.com/cisa-kev-catalog/" [X Link](https://x.com/DarkWebInformer/status/2015944583608234051) 2026-01-27T00:26Z 156.5K followers, [----] engagements

"I am no longer posting on LinkedIn.
A short time ago I was logged out of my account and after logging back in it is requiring me to verify my identity by providing a government-issued ID. With that being said. I only now post on the following socials: X Infosec Exchange Telegram Discord. My last known follower account was 12.8K. 🫡 https://twitter.com/i/web/status/2016170657571062030" [X Link](https://x.com/DarkWebInformer/status/2016170657571062030) 2026-01-27T15:25Z 156.7K followers, 21.5K engagements

"To the guy who paid for a year by Monero I upgraded your account. It was an issue on my end with seeing the invoice. I signed you out you just need to sign back in" [X Link](https://x.com/DarkWebInformer/status/2016225559869640787) 2026-01-27T19:03Z 156.3K followers, [----] engagements

"CVE-2025-2294: Kubio AI Page Builder = 2.5.1 - Unauthenticated Local File Inclusion GitHub: CVSS: [---] https://github.com/fumioryoto/CVE-2025-2294-Kubio-2.5.1-LFi-Checker" [X Link](https://x.com/DarkWebInformer/status/2016244211432001835) 2026-01-27T20:17Z 156.5K followers, [----] engagements

"CVE-2026-22794: Appsmith Password Reset Account Takeover via Origin Header Injection GitHub: CVSS: [---] Writeup: https://www.resecurity.com/blog/article/cve-2026-22794-changing-the-origin-header-to-take-over-appsmith-accounts https://github.com/MalikHamza7/CVE-2026-22794-POC" [X Link](https://x.com/DarkWebInformer/status/2016254377535697161) 2026-01-27T20:57Z 156.5K followers, 10.3K engagements

"3000$ Bug Bounty Reward from Microsoft Forms: Reflected XSS Vulnerability Writeup: https://infosecwriteups.com/reflected-xss-leads-to-3-000-bug-bounty-rewards-from-microsoft-forms-efe34fc6b261
" [X Link](https://x.com/DarkWebInformer/status/2016265251814056126) 2026-01-27T21:41Z 156.7K followers, 24K engagements

"CVE-2026-24858: Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability Severity: Critical CVSS: [---] Zero Day: Yes CVE Published: January 27th [----] Advisory: An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5 FortiAnalyzer 7.4.0 through 7.4.9 FortiAnalyzer 7.2.0 through 7.2.11 FortiAnalyzer 7.0.0 through 7.0.15 FortiManager 7.6.0 through 7.6.5 FortiManager 7.4.0 through 7.4.9 FortiManager 7.2.0 through 7.2.11 FortiManager 7.0.0 through 7.0.15 FortiOS 7.6.0" [X Link](https://x.com/DarkWebInformer/status/2016300612795711874) 2026-01-28T00:01Z 156.5K followers, 46.7K engagements

"Cl0p Ransomware Claims [--] More Victims Nextphaze Etto Australia The Hale Road MRA Group Podiatry WA RMW Group Ventnor Y Architecture Studio Roberts Designs Sky Excavations Whole IT" [X Link](https://x.com/DarkWebInformer/status/2016319622631293399) 2026-01-28T01:17Z 156.6K followers, [----] engagements

"ShinyHunters Claims Match Group Data Leak: 10M Hinge Match & OkCupid Records and Internal Documents Exposed (1.7GB)" [X Link](https://x.com/DarkWebInformer/status/2016341604706005079) 2026-01-28T02:44Z 157.3K followers, [----] engagements

"Stallman the owner of Ramp had this to say about the seizure. Translated: To all whom this concerns: With regret I inform you that law enforcement agencies have gained control over the Ramp forum. This event destroyed years of my work to create the most free forum in the world and although I hoped this day would never come deep down I always understood that it was possible. This is the risk we all take.
Despite the fact that I no longer control Ramp and will not be creating a new forum from scratch I will continue to buy accesses. My core business remains unchanged. If you have something you" [X Link](https://x.com/DarkWebInformer/status/2016545523608539381) 2026-01-28T16:14Z 156.5K followers, [----] engagements

"Sorb claims to sell 897K Cuban student records from Ministry of Higher Education including ID cards political affiliation military details and parents' information" [X Link](https://x.com/DarkWebInformer/status/2016549060979675230) 2026-01-28T16:28Z 157.9K followers, [----] engagements

"Bumble Inc has been claimed a victim to ShinyHunters Files primarily from Google Drive and Slack [--] GB (Compressed)" [X Link](https://x.com/DarkWebInformer/status/2016611539650846928) 2026-01-28T20:37Z 157.9K followers, [----] engagements

"CVE-2025-52691: SmarterMail Authentication Bypass and RCE PoC https://darkwebinformer.com/cve-2025-52691-smartermail-authentication-bypass-and-rce-poc/" [X Link](https://x.com/DarkWebInformer/status/2016618340333068672) 2026-01-28T21:04Z 156.5K followers, [----] engagements

"Leaking the phone number of any Google user ($5k bounty) This vulnerability was submitted to Google's VRP program and awarded a $5000 bounty. It has since been patched. Writeup: https://brutecat.com/articles/leaking-google-phones" [X Link](https://x.com/DarkWebInformer/status/2016626991697440947) 2026-01-28T21:38Z 156.7K followers, 97.3K engagements

"RAMP4u admin panel user list and messages allegedly up for sale after being seized yesterday by law enforcement" [X Link](https://x.com/DarkWebInformer/status/2016901718387093966) 2026-01-29T15:50Z 156.7K followers, 16.7K engagements

"Flex The U.S.
Marshals Service has confirmed it is investigating a potential compromise of government digital-asset accounts by John (Lick) according to Bloomberg News which cited an email from the agency. The incident was initially uncovered by blockchain investigator @zachxbt. https://t.co/TIiZoTbJp8" [X Link](https://x.com/DarkWebInformer/status/2016920879691596202) 2026-01-29T17:06Z 156.4K followers, 36.7K engagements

"Threat Actor "ally549" is Allegedly Selling Fresh [----] SSN+DOB+DL Fullz Data Covering USA UK and Canada with Over [---] Million Records" [X Link](https://x.com/DarkWebInformer/status/2016933487975006587) 2026-01-29T17:56Z 156.5K followers, 11.1K engagements

"SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551 CVE-2025-40552 CVE-2025-40553 CVE-2025-40554 CVSS: All [---] CVEs Published: January 28th [----] CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
CVE-2025-40552: SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited would allow a" [X Link](https://x.com/DarkWebInformer/status/2016936977430695962) 2026-01-29T18:10Z 156.7K followers, [----] engagements

"Advisories: https://nvd.nist.gov/vuln/detail/CVE-2025-40554 https://nvd.nist.gov/vuln/detail/CVE-2025-40553 https://nvd.nist.gov/vuln/detail/CVE-2025-40552 https://nvd.nist.gov/vuln/detail/CVE-2025-40551" [X Link](https://x.com/DarkWebInformer/status/2016936980236374065) 2026-01-29T18:10Z 156.6K followers, [----] engagements

"Why Hackers Get Caught (Bad OPSEC)" [X Link](https://x.com/DarkWebInformer/status/2016943276880707793) 2026-01-29T18:35Z 157.3K followers, 10.1K engagements

"CVE-2026-0920: Explanation and payload of the recent vulnerability in the LA-Studio Element WordPress plugin.
PoC/Exploit: CVSS: [---] CVE Published: January 22nd [----] Advisory: https://github.com/advisories/GHSA-m3h4-65j5-6j8c https://github.com/John-doe-code-a11/CVE-2026-0920" [X Link](https://x.com/DarkWebInformer/status/2016976955611009146) 2026-01-29T20:49Z 156.5K followers, [----] engagements

"CVE-2026-1056: Snow Monkey Forms = 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal PoC/Exploit: CVSS: [---] CVE Published: January 28th [----] Advisory: https://github.com/advisories/GHSA-g5p3-f4cq-94v5 https://github.com/ch4r0nn/CVE-2026-1056-POC" [X Link](https://x.com/DarkWebInformer/status/2016983549568577803) 2026-01-29T21:15Z 156.5K followers, [----] engagements

"A XSS vulnerability took control of BreachForums about an hour and a half ago. It has since been fixed. Credit: Nicotine" [X Link](https://x.com/DarkWebInformer/status/2016989516603539786) 2026-01-29T21:39Z 157.4K followers, 48.5K engagements

"A threat actor known as "butcher" is auctioning [---] US credit cards (38 credit/62 debit) allegedly obtained via phishing with a starting bid of $800 and a flash price of $1200 claiming 85-95% validity" [X Link](https://x.com/DarkWebInformer/status/2017040659345973297) 2026-01-30T01:02Z 156.6K followers, [----] engagements

"John (Lick) launched a Discord Wumpus-themed token that spiked to roughly a $3 million market cap. Insiders quickly dumped their holdings collectively pocketing over $200k in profits.
John rug pulled his community & then deleted his Telegram account https://solscan.io/account/GkkvqnXsiZTsYpX9vRikgRKMdPXauDTj3gt14yJAVgb2" [X Link](https://x.com/DarkWebInformer/status/2017291120657502633) 2026-01-30T17:37Z 156.7K followers, 28.7K engagements

"0APT Ransomware Claim [--] Victims FutureTech AI Urban Outfitters Ltd National Rail Network CryptoVault Exchange Elite Hospitality Group Noble Pharma Rapid Courier Services Global News Corp Zenith Telecom Visionary Architects Titan Construction Metro General Hospital Obsidian Tech Labs Diamond Deep Drilling Solaris Renewable Energy Sapphire Jewelry Pacific Ocean Cargo IronClad Security Emerald Agriculture GreenValley Agriculture Crimson Fashion House Golden Chip Casino EduTech Systems Silver City Bank Unity Insurance Blue Water" [X Link](https://x.com/DarkWebInformer/status/2017301575270592732) 2026-01-30T18:19Z 157.9K followers, [----] engagements

"GoodL7 PROOF targeted the website of Petroleum Authority of Brunei Darussalam" [X Link](https://x.com/DarkWebInformer/status/2017305351100457140) 2026-01-30T18:34Z 157.7K followers, [----] engagements

"CVE-2026-0755: Reported Zero-Day in Gemini MCP Tool Could Allow Remote Code Execution Zero-Day: Yes CVSS: [---] CVE Published: January 23rd [----] Affected Vendor: Gemini MCP Tool Vulnerability Type: Remote Code Execution (RCE) Advisory: https://github.com/advisories/GHSA-28qq-5f47-r5x2" [X Link](https://x.com/DarkWebInformer/status/2017313122801856914) 2026-01-30T19:05Z 156.4K followers, [----] engagements

"The XSS vulnerability that was used by Nicotine against BreachForums has provided exfiltration data as part of the leak.
Some of the initial information I gathered from the shared file: Session cookies: MyBB forum cookies (mybblastvisit mybblastactive sid mybbuser dcap) that could allow session hijacking IP addresses: Both local IPs and public IPs of victims Browser fingerprinting data: User agent screen resolution hardware specs (CPU cores RAM) platform timezone language Browsing context: Current URL referrer URL showing navigation path localStorage/sessionStorage: Any stored browser data" [X Link](https://x.com/DarkWebInformer/status/2017335488999256431) 2026-01-30T20:33Z 156.2K followers, [----] engagements

"You can find the link in my Telegram which is in my X bio" [X Link](https://x.com/DarkWebInformer/status/2017335490739949896) 2026-01-30T20:33Z 156.4K followers, [----] engagements

"A threat actor has allegedly leaked data from Iberdrola a Spanish multinational energy company claiming [----] files were exfiltrated on May [--] [----] containing customer account details phone numbers DNI/NIF identification addresses IBAN numbers and service information. https://twitter.com/i/web/status/2017338728562242008" [X Link](https://x.com/DarkWebInformer/status/2017338728562242008) 2026-01-30T20:46Z 156.6K followers, [----] engagements

"All the time" [X Link](https://x.com/DarkWebInformer/status/2017343935501173166) 2026-01-30T21:07Z 156.3K followers, [----] engagements

"UXBERT Labs source code allegedly leaked in data breach" [X Link](https://x.com/DarkWebInformer/status/2017348496156746036) 2026-01-30T21:25Z 156.4K followers, [----] engagements

"More malware source code" [X Link](https://x.com/DarkWebInformer/status/2017398634917085393) 2026-01-31T00:44Z 157.4K followers, 28.8K engagements

"Hearing a lot about Stopice.net having plate tracker images defaced and then the website being completely hacked all within the last [--] hours or so. I've attached images. This site is literally the weirdest fucking thing I've seen all year.
This is some of the information I was able to gather. A lot of errors show up in the console when visiting the site the JS/CSS path is completely open among other things. It's definitely incredibly vulnerable. IP: 216.243.62.131 ASN: [-----] ASName: Wave Broadband Server: openresty cPanel: Webmail: /js/ /css/ Stop ICE Raids Alert Network: IP: 15.235.11.14" [X Link](https://x.com/DarkWebInformer/status/2017429870012141926) 2026-01-31T02:48Z 156.5K followers, 23.9K engagements

"Threat actor avatars/aliases still going wild lol" [X Link](https://x.com/DarkWebInformer/status/2017634504991531045) 2026-01-31T16:22Z 156.3K followers, 10.8K engagements

"The PoC CVE Explorer is coming along. There is obviously no way to verify almost 90K or so PoCs so I placed a disclaimer at the top. Also enriching with the details of the repo is kind of a pain. This is still likely available at the end of February at the earliest. No spot checks have been done yet either. https://twitter.com/i/web/status/2017666263745474919" [X Link](https://x.com/DarkWebInformer/status/2017666263745474919) 2026-01-31T18:28Z 157.4K followers, [----] engagements

"I was just informed by Spamhaus/@abuse_ch that I am now required to have a commercial license in order to use their API. As you know I use their API for the two IOCs feeds which is also used on my API for customers. Not sure of a solution to replace these. If not I will be taking them down when they start denying my access.
https://twitter.com/i/web/status/2017697253771591822" [X Link](https://x.com/DarkWebInformer/status/2017697253771591822) 2026-01-31T20:31Z 156.4K followers, 13.8K engagements

"@IntCyberDigest sup my guy @_snagg" [X Link](https://x.com/DarkWebInformer/status/2017765147293393098) 2026-02-01T01:01Z 157.5K followers, 30.9K engagements

"CVE-2026-1281: Safe indicator check for Ivanti EPMM & CVE-2026-1340 related paths GitHub: https://github.com/Ashwesker/Ashwesker-CVE-2026-1281" [X Link](https://x.com/DarkWebInformer/status/2018070295572107601) 2026-02-01T21:13Z 156.6K followers, [----] engagements

"ExploitPack.com has allegedly been compromised by a threat actor who claims to have exploited a vulnerability on the site to exfiltrate all exploits spanning [--------] totaling approximately [---] MB of data including exploit code shellcodes and related files with plans to release additional kernel and control pack exploits soon. https://twitter.com/i/web/status/2018076454030897527" [X Link](https://x.com/DarkWebInformer/status/2018076454030897527) 2026-02-01T21:38Z 156.5K followers, 26.3K engagements

"Polycom now by the name Poly Inc.
has fallen victim to Everest Ransomware Allegedly [--] GB of data stolen Revenue: $1.73 Billion (FY 2021)" [X Link](https://x.com/DarkWebInformer/status/2018094563714302255) 2026-02-01T22:50Z 157.9K followers, [----] engagements

"Iron Mountain has been claimed a victim to Everest Ransomware Iron Mountain is a large publicly traded information management firm generating around $6.6 billion in annual revenue" [X Link](https://x.com/DarkWebInformer/status/2018118246914785750) 2026-02-02T00:24Z 156.8K followers, [----] engagements

"a Spanish outdoor and nature app platform has allegedly had its user database leaked by "IntelShadow" exposing [------] total lines with [----] containing relevant user data including IDs device information emails and dates. http://Naturapps.es" [X Link](https://x.com/DarkWebInformer/status/2018394116304814121) 2026-02-02T18:40Z 156.4K followers, [----] engagements

"rxerium-templates: Nuclei scripts created by @rxerium for zero days / actively exploited vulnerabilities. GitHub: Vouch. I have posted a lot of his repos in the past. https://github.com/rxerium/rxerium-templates" [X Link](https://x.com/DarkWebInformer/status/2018413232461934785) 2026-02-02T19:56Z 157.9K followers, [----] engagements

"It's not often I see an .onion to a hacktivist group but here we are. Onion: http://zwziyr6hbbqmtm7x5peu4dxyrm6wqvw7sdulvcgwcs2yvbx77cjesaad.onion" [X Link](https://x.com/DarkWebInformer/status/2018443530776232343) 2026-02-02T21:56Z 156.6K followers, [----] engagements

"Infrastructure Destruction Squad claims to have breached the servers of Lawrence Livermore National Laboratory a facility affiliated with the U.S. Department of Energy. The alleged breach reportedly includes over [--] TB of sensitive data encompassing engineering blueprints classified internal video recordings and documents related to nuclear physics fusion particle acceleration and pulsed sphere experiments.
The group is offering full server access for $12000. https://twitter.com/i/web/status/2018483591710224809" [X Link](https://x.com/DarkWebInformer/status/2018483591710224809) 2026-02-03T00:36Z 156.4K followers, [----] engagements

"A threat actor is selling a full database leak from HIMS University in Egypt containing [-----] records across multiple files. The exposed data includes student PII with plaintext passwords Fawry and Banque Misr payment transaction logs Mastercard/Banque Misr payment gateway API credentials and detailed staff bank account information. The asking price starts at $250 in Monero. https://twitter.com/i/web/status/2018712420252897719" [X Link](https://x.com/DarkWebInformer/status/2018712420252897719) 2026-02-03T15:45Z 157.3K followers, [----] engagements

"A threat actor has leaked a citizen database from the Dominican Republic containing [---] million SQL records and [---] million citizen photos. The exposed data includes cedula numbers names civil status dates of birth sex birthplace blood type and occupation" [X Link](https://x.com/DarkWebInformer/status/2018716241578316181) 2026-02-03T16:00Z 157.7K followers, [----] engagements

"OpenClaw on FOFA: FOFA: FOFA Query: app="OpenClaw" [-----] results https://en.fofa.info/result?qbase64=YXBwPSJPcGVuQ2xhdyI%3D OpenClaw also known by Moltbot and ClawdBot recently patched a 1-Click RCE via Authentication Token Exfiltration From gatewayUrl CVSS: [---] Advisory: https://t.co/bDatxBUqfx Writeup: https://t.co/ohB3Zhw0fp All versions up to v2026.1.24-1 are vulnerable.
Video: Ethiack https://t.co/DlzusBK2NG" [X Link](https://x.com/DarkWebInformer/status/2018738518315483385) 2026-02-03T17:29Z 157.9K followers, [----] engagements

"Gozo Channel the ferry operator connecting Malta's islands confirmed it was targeted in a cyberattack on Tuesday. The company said the incident impacted certain internal IT systems but was quickly contained thanks to existing infrastructure safeguards and contingency protocols. Ferry services were not disrupted. The company emphasized that all vessels continue to run on their normal schedule and that operations remain fully unaffected. Technical teams are currently working to restore the administrative systems that were impacted and the company plans to bring in specialist cybersecurity" [X Link](https://x.com/DarkWebInformer/status/2018745481623462274) 2026-02-03T17:56Z 156.4K followers, [----] engagements

"Reuters reports that French prosecutors raided X's Paris offices on Tuesday as part of a criminal investigation originally opened in January [----] over alleged algorithm manipulation. The probe has since expanded to include charges of complicity in distributing child sexual abuse material generating sexually explicit deepfakes via the Grok AI chatbot and Holocaust denial which is a crime under French law. The raid was carried out by the Paris prosecutor's cybercrime unit with support from Europol and French police.
Voluntary interview summonses for April [--] have been issued to both Elon Musk and" [X Link](https://x.com/DarkWebInformer/status/2018748784834945148) 2026-02-03T18:09Z 156.5K followers, 13.9K engagements

"1/2 USA - Bank Firewall & Network Admin Panel access listed for sale ($300) USA - College Software Suite (SaaS) Firewall & Network Admin Panel access listed for sale ($200) Asia - Largest Real Estate Developer Firewall & Network Admin Panel access listed for sale ($300) Ukraine - Accounting & Finance Company Firewall & Network Admin Panel access listed for sale ($200) https://twitter.com/i/web/status/2018766517668602273" [X Link](https://x.com/DarkWebInformer/status/2018766517668602273) 2026-02-03T19:20Z 156.4K followers, [----] engagements

".cz BreachForums is at war with .bf BreachForums and looks like .cz got the .bf clearnet domain suspended. It's currently down. The small screenshot is small because it requires an account to sign in to look at the large snap but I don't have an account yet. It does look legit" [X Link](https://x.com/DarkWebInformer/status/2018852252673577084) 2026-02-04T01:01Z 157.3K followers, 24K engagements

"Apparently someone is logged into Jeffrey Epstein's Outlook account via Reddit. https://www.reddit.com/r/Epstein/comments/1qv3ue6/im_in_epstiens_outlook_what_should_i_look_for/ https://www.reddit.com/r/Epstein/comments/1qv1uo2/did_i_find_something/ Someone just logged into Epstein's Outlook account. The password was in the Epstein files. https://t.co/zmntv2QlrY" [X Link](https://x.com/DarkWebInformer/status/2018854655485489344) 2026-02-04T01:10Z 157.8K followers, 28.3K engagements

"Oops they did it again. Stop using Coinbase.
Coinbase confirms an insider breach after a contractor improperly accessed data for [--] customers. BleepingComputer learned the breach occurred in December. This comes after screenshots of internal Coinbase support tools were leaked. Learn more: https://t.co/RSbIFkGLIb" [X Link](https://x.com/DarkWebInformer/status/2018876459222450621) 2026-02-04T02:37Z 156.4K followers, 12.4K engagements

"A threat actor has posted three separate listings: China Union Pay: [---] million rows of deduplicated cardholder data allegedly from China UnionPay, including phone numbers, names, national IDs, provinces, carrier info, and dates of birth. Crypto Currency Bundle: A [---] GB compilation of [----] million records spanning dozens of major crypto platforms, including Coinbase, Binance, KuCoin, Poloniex, Bitfinex, and Paxful, containing combo credentials, email leads, and phone-linked customer data. Hong Kong Stock Investment: [------] unique rows allegedly from KGI Asia's platform containing emails, phone numbers, stock" [X Link](https://x.com/DarkWebInformer/status/2019109025795735714) 2026-02-04T18:01Z 156.8K followers, [----] engagements

"Your "dark web monitoring" service needs your SSN, name, and personal details just to watch for leaks. Think about that. Dark Web Informer doesn't need any of that. Sign up with an email, choose your tier, and start seeing threat actor activity as it happens. That's it. http://darkwebinformer.com" [X Link](https://x.com/DarkWebInformer/status/2019109028350116336) 2026-02-04T18:01Z 156.7K followers, [----] engagements

"Two French educational institutions allegedly breached. Lycée Notre-Dame des Dunes and Lycée Saint-Charles.
The data has been posted freely for download. The group also claims to hold [--] TB of unreleased databases from across the French sector totaling [---] million records and is threatening further leaks. https://twitter.com/i/web/status/2019122243687547327" [X Link](https://x.com/DarkWebInformer/status/2019122243687547327) 2026-02-04T18:53Z 156.5K followers, [----] engagements

"Threat feed will be down for the next [--] minutes for an update. Will update once back up" [X Link](https://x.com/DarkWebInformer/status/2019133067215138922) 2026-02-04T19:36Z 156.7K followers, [----] engagements

"OK it's back up. There was a memory leak that should be resolved now. If the feed showed that it failed to load randomly that was the issue. I am monitoring and will adjust if needed. Threat feed will be down for the next [--] minutes for an update. Will update once back up" [X Link](https://x.com/DarkWebInformer/status/2019137106422157596) 2026-02-04T19:52Z 156.7K followers, [----] engagements

"A large collection of email-only crypto databases is being offered for sale covering U.S. and mixed geographies from [--------]. The actor is providing a list of available databases and samples with purchases handled via Telegram on a per-database basis" [X Link](https://x.com/DarkWebInformer/status/2019138206302941527) 2026-02-04T19:57Z 156.8K followers, [----] engagements

"TLDFinder: A streamlined tool for discovering private TLDs for security research.
GitHub: TLD based DNS lookups (Passive) TLD based DNS lookups (Active) STD IN/OUT and TXT/JSON output https://github.com/projectdiscovery/tldfinder" [X Link](https://x.com/DarkWebInformer/status/2019140941668577729) 2026-02-04T20:08Z 157.9K followers, [----] engagements

"PLAY Ransomware claims [--] victims Woodfield CBH Homes ISTS" [X Link](https://x.com/DarkWebInformer/status/2019148727316017302) 2026-02-04T20:39Z 156.5K followers, [----] engagements

"A data set for GiftOnCard, a Serbia-based gift card platform, is being sold with the seller claiming to still have active access. The leak includes [------] web user records with passwords, [------] card registration entries, and [---] million gift card records containing detailed cardholder PII, transaction data, and loyalty program information. https://twitter.com/i/web/status/2019151522915930436" [X Link](https://x.com/DarkWebInformer/status/2019151522915930436) 2026-02-04T20:50Z 156.7K followers, [----] engagements

"CVE-2026-25049: N8n AI Workflow Remote Code Execution "This vulnerability allows an attacker to execute arbitrary system commands through misconfigured or insecure AI workflow execution paths. When chained correctly it can lead to full server compromise depending on deployment configuration." https://twitter.com/i/web/status/2019159982940516686" [X Link](https://x.com/DarkWebInformer/status/2019159982940516686) 2026-02-04T21:23Z 156.7K followers, [----] engagements

"Video Credit: http://youtube.com/@SecureLayer7" [X Link](https://x.com/DarkWebInformer/status/2019159984928432454) 2026-02-04T21:23Z 156.6K followers, [----] engagements

"Just a reminder I am no longer posting on LinkedIn, see below. I currently only post on the following socials: X, Infosec Exchange, Telegram, Discord. I am no longer posting on LinkedIn.
A short time ago I was logged out of my account and after logging back in it is requiring me to verify my identity by providing a government-issued ID. With that being said. I only now post on the following socials: X Infosec Exchange https://t.co/uib5AuBe35" [X Link](https://x.com/DarkWebInformer/status/2019165840189338098) 2026-02-04T21:47Z 156.6K followers, [----] engagements

"A known initial access broker is selling firewall and network admin panel access to three government entities: Thailand Government-Owned Visa Program: Root RCE + shell access on a Linux firewall, priced at $300. Palestinian Government Agency (Foreign Aid Portal): Same level of access on a Linux firewall, priced at $400. Indonesian Government Land Authority: Root RCE + shell + network admin panel on a Linux firewall, priced at $300" [X Link](https://x.com/DarkWebInformer/status/2019169038232944887) 2026-02-04T21:59Z 156.7K followers, 10.7K engagements

"Ransomware Attack Update - February 4th [----] https://darkwebinformer.com/ransomware-attack-update-february-4th-2026/" [X Link](https://x.com/DarkWebInformer/status/2019174569676792283) 2026-02-04T22:21Z 156.7K followers, [----] engagements

"Threat Attack Update - February 4th [----] https://darkwebinformer.com/threat-attack-update-february-4th-2026/" [X Link](https://x.com/DarkWebInformer/status/2019175699865596092) 2026-02-04T22:26Z 156.7K followers, [----] engagements

"Daily Dose of Dark Web Informer - February 4th [----] https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-4th-2026/" [X Link](https://x.com/DarkWebInformer/status/2019178897472893140)
2026-02-04T22:38Z 156.7K followers, [----] engagements

"Seems the war is far from over" [X Link](https://x.com/DarkWebInformer/status/2019186223416246731) 2026-02-04T23:08Z 157.3K followers, [----] engagements

"RT @DarkWebInformer: [---] TB of data No shot" [X Link](https://x.com/DarkWebInformer/status/2019200288180302214) 2026-02-05T00:03Z 156.5K followers, [---] engagements

"Guardia Civil Dismantled a Bank Mule Network in La Rioja Under Operation Vicentius Spain's Guardia Civil has identified [--] suspects linked to fraud, money laundering, and unauthorized access to computer systems. The group allegedly operated fake cryptocurrency investment platforms and used remote access software to drain victims' bank accounts and take out loans in their names, causing an estimated [------] in total losses. Stolen funds were funneled to accounts in Denmark, Lithuania, the United Kingdom, and China. The investigation remains ongoing as authorities work to trace and recover the money." [X Link](https://x.com/DarkWebInformer/status/2019426902675427404) 2026-02-05T15:04Z 156.7K followers, [----] engagements

"WordPress admin and shell access to a UK-based online shop is being auctioned. The store processes payments via Stripe iframe with roughly [---] orders across the last three months and a 70% unique order rate. The auction starts at $700 with a blitz price of $1500" [X Link](https://x.com/DarkWebInformer/status/2019433499380568574) 2026-02-05T15:30Z 157.9K followers, [----] engagements

"Order data from Family Cinema, a French movie theater chain, is allegedly being sold, totaling [------] orders from [-----] unique customers spanning [----] to [----]. The exposed records include emails, phone numbers, full addresses, dates of birth, IP addresses, payment details, and detailed ticket purchase history including film titles and showtime information. A 1000-line sample has been posted freely.
https://twitter.com/i/web/status/2019463428323045804" [X Link](https://x.com/DarkWebInformer/status/2019463428323045804) 2026-02-05T17:29Z 156.7K followers, [----] engagements

"Two French organizations have allegedly been breached by the same threat actor: Fédération Française de la Randonnée Pédestre: Data from [------] members of France's national hiking federation is for sale containing [------] unique emails and [------] unique phone numbers from [--------] license holders. CCAS Dunkerque: Records of [-----] individuals receiving social assistance from the Community Center for Social Action in Dunkerque including [-----] unique phone numbers and [-----] unique emails. The data includes family groupings and welfare recipient details." [X Link](https://x.com/DarkWebInformer/status/2019479263523549262) 2026-02-05T18:32Z 156.7K followers, [----] engagements

"@fbi__open__up He will serve [--] years of supervised release when he serves his prison sentence. "In addition to the prison term LIN [--] of Taiwan was sentenced to five years of supervised release and $105045109.67 in forfeiture." https://www.justice.gov/usao-sdny/pr/incognito-market-owner-sentenced-30-years-operating-one-worlds-largest-online" [X Link](https://x.com/DarkWebInformer/status/2019480785061851142) 2026-02-05T18:38Z 156.5K followers, [---] engagements

"CISA has added two vulnerabilities to the KEV Catalog CVE-2026-24423: SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability: SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution.
CVE-2025-11953: React Native Community CLI OS Command Injection Vulnerability: React Native Community CLI contains an OS command injection" [X Link](https://x.com/DarkWebInformer/status/2019508092392894726) 2026-02-05T20:27Z 156.7K followers, [----] engagements

"LeakBase has been down for about two days now. The last two times the site went offline it remained down for a week or two. There's no information on any new domains or updates and no recent news regarding the site. It is however hosted by the notorious Njalla" [X Link](https://x.com/DarkWebInformer/status/2019558700424544443) 2026-02-05T23:48Z 157.6K followers, [----] engagements

"Network access to a U.S. retail and supply chain management company with $1.5M+ in revenue is being sold for $12000. The listing claims SonicWall VPN, RDP, and SSH access with certificates to 6+ dev servers, domain user privileges, and database access across 8+ large databases (MSSQL, Redis, MySQL). The network allegedly spans 140+ stores across [--] states with approximately [----] endpoints, [--] domain controllers, and 12TB of data" [X Link](https://x.com/DarkWebInformer/status/2019842827878896008) 2026-02-06T18:37Z 157.9K followers, [----] engagements

"Atlas Air has been claimed a victim to Everest Ransomware" [X Link](https://x.com/DarkWebInformer/status/2019908230579728781) 2026-02-06T22:57Z 157.9K followers, [----] engagements

"Approximately [--] minutes ago [----------] BTC ($181K) was transferred to Bitcoin's genesis address, effectively burning the funds https://blockstream.info/tx/a73335706adad5c400453fbc3c992f23cacf56b0ca964bc584f5f44ac7e0d412 https://intel.arkm.com/explorer/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa" [X Link](https://x.com/DarkWebInformer/status/2019928680072692174) 2026-02-07T00:18Z 157.9K followers, 16.6K engagements

"Access to Peru's
capital regional government portal is being sold for $200 with root RCE, shell, and network admin panel on a Linux firewall device" [X Link](https://x.com/DarkWebInformer/status/2021346696610164895) 2026-02-10T22:13Z 158.2K followers, [----] engagements

"3/3 Domain admin access to a Swiss manufacturing company with $15M in revenue is being auctioned. The listing specifies Sophos VPN with Sophos antivirus. Auction starts at $1500 with a blitz price of $3000" [X Link](https://x.com/DarkWebInformer/status/2021622093037879593) 2026-02-11T16:27Z 158.2K followers, [----] engagements

"A data set allegedly from Zain Kuwait, a major telecommunications provider, has been posted for sale containing [-------] subscriber records totaling 11.3GB in JSON format. The breach is dated [----] and includes subscriber numbers, owner names, and associate names. Sample data shows Arabic-language subscriber records with phone numbers, verification status, and spam flags. The seller offers tiered pricing in Monero: [--] XMR for takedown, [--] XMR for exclusive purchase with deletion, [--] XMR for non-exclusive access, or [--] XMR for the scraping exploit itself." [X Link](https://x.com/DarkWebInformer/status/2021625660540621301) 2026-02-11T16:41Z 158.2K followers, [----] engagements

"Brillen (operated by SuperVista AG) dataset allegedly leaked Germany Type: Data Breach Threat actor: Meow Records: [-------] A forum post claims that Brillen, a German eyewear retailer operated by SuperVista AG, suffered a data breach in September [----], resulting in over [---] million rows of user data being compromised. The actor states the company fixed the vulnerability internally without making a public announcement.
Data includes: First name, last name, email, contact number, DOB, gender, age, street address, postal code, and city" [X Link](https://x.com/DarkWebInformer/status/2021970537816179051) 2026-02-12T15:31Z 158.2K followers, [----] engagements

"Threat Attack Update - February 12th [----] https://darkwebinformer.com/threat-attack-update-february-12th-2026/" [X Link](https://x.com/DarkWebInformer/status/2022087028452786610) 2026-02-12T23:14Z 158.2K followers, [----] engagements

"Daily Dose of Dark Web Informer - February 12th [----] https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-12th-2026/" [X Link](https://x.com/DarkWebInformer/status/2022097808715899181) 2026-02-12T23:57Z 158.2K followers, [----] engagements

"Cl0p Ransomware Claims [--] Victims Al Jomaih Automotive Fruit of the Loom Frontrol Humana Oracle Abbott Laboratories Mazda MAS Holdings Canon Trane Technologies Grupo Bimbo Bechtel Estée Lauder Companies Alshaya Group Fleetship Management Mazda USA Worley L&L Products University of Phoenix Treet Corporation Greater Cleveland RTA A10 Networks Envoy Broadcom Southern Illinois University Dooney & Bourke WellBiz Brands Michelin Sumitomo Chemical Greenball Corporation https://twitter.com/i/web/status/1991550211500421456" [X Link](https://x.com/DarkWebInformer/status/1991550211500421456) 2025-11-20T16:52Z 158.2K followers, 45.7K engagements

"Pickett USA Engineering data dump for sale - [-----] GB of engineering data from major U.S. electricity utilities.
Clients affected: Tampa Electric Company (TECO), Duke Energy Florida (DEF), American Electric Power (AEP) Data exposed (139.1 GB - [---] files): 800+ classified raw LiDAR point cloud files (.las format [---] MB to 2+ GB each) Transmission line corridors and substations coverage High resolution orthophotos (.ecw format up to [---] MB per project) MicroStation design files (.dgn) and PTC settings Vegetation feature files (up to [--] GB) Fixed price: [---] Bitcoin (BTC) or Monero (XMR)" [X Link](https://x.com/DarkWebInformer/status/2006842644446708216) 2026-01-01T21:39Z 158.2K followers, [----] engagements

"SLSH (Scattered LAPSUS$ ShinyHunters) is actively targeting 100+ enterprises via live phishing panels Targets include: Technology & Software: Atlassian AppLovin Canva Epic Games Genesys HubSpot RingCentral ZoomInfo Iron Mountain Fintech & Payments: Adyen Jack Henry Shift4 Payments SoFi Biotech & Pharma: Alnylam Amgen Arvinas Biogen Gilead Sciences Moderna Neurocrine Biosciences Financial Services / Banking: Apollo Global Mgmt Blackstone Cohen & Steers Frost Bank goeasy Ltd. Guild Mortgage Morningstar RBC Securian Financial State Street TPG Capital Real Estate (REITs & Investment): Avison" [X Link](https://x.com/DarkWebInformer/status/2016709518554534383) 2026-01-29T03:06Z 158.2K followers, 14.8K engagements

"Firewall and network admin panel access to a Chinese finance organization is being sold for $300. The listing claims root RCE plus shell access on a Linux-based firewall device. The seller, a known initial access broker, is accepting contact through Session" [X Link](https://x.com/DarkWebInformer/status/2018762621034340377) 2026-02-03T19:04Z 158.2K followers, [----] engagements

"Data from "Choisir le service public", the French government's official public sector job portal, is allegedly being sold.
The listing claims to contain records of [------] job seekers with proof screenshots showing candidate profiles including personal details, emails, phone numbers, and application history. https://twitter.com/i/web/status/2018790474115613160" [X Link](https://x.com/DarkWebInformer/status/2018790474115613160) 2026-02-03T20:55Z 158.2K followers, [----] engagements

"A set of [---] Canadian credit cards obtained via sniffing is being auctioned with a claimed 75-95% validity rate. The data includes full card numbers, CVVs, expiration dates, names, addresses, phone numbers, emails, and IPs. Card balances reportedly range from $300-$600. The auction starts at $2000 with a blitz price of $6000. https://twitter.com/i/web/status/2019883611705733216" [X Link](https://x.com/DarkWebInformer/status/2019883611705733216) 2026-02-06T21:19Z 158.2K followers, [----] engagements

"RDP access with user rights to an Australian machinery and equipment company with $12M+ in revenue is being sold for $800. The listing notes Trend Micro antivirus is in place" [X Link](https://x.com/DarkWebInformer/status/2021331516312502588) 2026-02-10T21:12Z 158.2K followers, [----] engagements

"CVE-2024-27564: OpenAI ChatGPT Server-Side Request Forgery PoC: Vulnerable Parameter: pictureproxy.php?url=payload A vulnerability in pictureproxy.php allows remote attackers to perform arbitrary requests by injecting URLs into the url parameter. This SSRF vulnerability can be exploited without authentication.
https://github.com/chsxthwik/CVE-2024-27564" [X Link](https://x.com/DarkWebInformer/status/2021648292627550220) 2026-02-11T18:11Z 158.2K followers, [----] engagements

"BD Anonymous targeted the website of Tel Aviv University" [X Link](https://x.com/DarkWebInformer/status/2021697379968159957) 2026-02-11T21:26Z 158.2K followers, [----] engagements

"0APT has claimed [--] victims. Newly named as of Jan [--] the group is already calling out some MAJOR organizations. Possible scam group HCA Healthcare (UK Private Division) Vestas Wind Systems Edwards Lifesciences Keysight Technologies Hologic Galderma Sysmex Corporation Align Technology Snap-on Incorporated Varian Medical Systems Bruker BioSpin Teledyne Technologies Terumo Corporation Xylem Inc. bioMérieux Ingersoll Rand Masimo Halma PerkinElmer Zebra Technologies Andritz Group Prince Court Medical Hexagon AB Al-Futtaim Conglomerate Sandvik Coromant Teleflex ResMed Epworth Private Healthcare" [X Link](https://x.com/DarkWebInformer/status/2019094375486120107) 2026-02-04T17:03Z 158.2K followers, [----] engagements

"139 TB of data No shot" [X Link](https://x.com/DarkWebInformer/status/2019145752308806075) 2026-02-04T20:27Z 158.2K followers, 179.9K engagements

"Webmail credentials for the Argentine Air Force (Fuerza Aérea Argentina) have been posted freely with screenshots showing access to internal email accounts at webcorreo.faa.mil.ar. The proof includes views of official correspondence, personnel documents, judicial records, and internal communications referencing brigade operations, union matters, and personnel evaluations. https://twitter.com/i/web/status/2019802419891204119" [X Link](https://x.com/DarkWebInformer/status/2019802419891204119) 2026-02-06T15:56Z 158.2K followers, [----] engagements

"Vouch: A contributor trust management system based on explicit vouches to participate.
GitHub: https://github.com/mitchellh/vouch" [X Link](https://x.com/DarkWebInformer/status/2020296792307646478) 2026-02-08T00:41Z 158.2K followers, [----] engagements

"A data set allegedly from Inter Rapidísimo, described as Colombia's largest cargo and courier company, has been posted with [------] customer records. The dump is dated February [----] and includes user IDs, names, passwords, phone numbers, emails, addresses, authentication data, API tokens, location IDs, registration numbers, and internal platform settings. http://interrapidisimo.com" [X Link](https://x.com/DarkWebInformer/status/2021242943382634666) 2026-02-10T15:20Z 158.2K followers, 61.9K engagements

"Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Allegedly Exposes Thousands of Instances (CVE-2026-1731) https://darkwebinformer.com/critical-pre-auth-rce-vulnerability-in-beyondtrust-remote-support-pra-allegedly-exposes-thousands-of-instances-cve-2026-1731/" [X Link](https://x.com/DarkWebInformer/status/2021270130286567584) 2026-02-10T17:08Z 158.2K followers, [----] engagements

"Cl0p Ransomware Claims [--] Victims ANS Tech Inc Hudson Executive IT Architects Proactive Medical Smith IP Services BE09 Broadreach Retail RBD Construction Che Hardy Gokall IT Hudson Sustainable OneSupport GiaSpace GiaCare Hyde Park UMC AIG Business The Perpetual Garner Group Spohn Associates CFDT Boyden https://twitter.com/i/web/status/2021290815964725684" [X Link](https://x.com/DarkWebInformer/status/2021290815964725684) 2026-02-10T18:30Z 158.2K followers, [----] engagements

"A U.S.
military aerospace simulations and defense contractor is being sold for $400 with root RCE, shell access, and a hijacked admin panel session on a Linux firewall device" [X Link](https://x.com/DarkWebInformer/status/2021345913319588062) 2026-02-10T22:09Z 158.2K followers, [----] engagements

"1/3 Domain admin access to a Moroccan manufacturing company with $20M in revenue is being auctioned. The listing specifies Sophos VPN with Trend Micro antivirus. Auction starts at $1500 with a blitz price of $3500" [X Link](https://x.com/DarkWebInformer/status/2021622087828279801) 2026-02-11T16:27Z 158.2K followers, [----] engagements

"WordPress admin, shell, and database access to an international e-commerce store is being auctioned. The site has a $601.91 average order value with [---] orders in January (351 card, [--] crypto) and [---] in February (109 card, [--] crypto). A payment card redirect tap is in place with 100% unique orders. The auction starts at $1000 with a blitz price of $2500. https://twitter.com/i/web/status/2021637425286816189" [X Link](https://x.com/DarkWebInformer/status/2021637425286816189) 2026-02-11T17:28Z 158.2K followers, [----] engagements

"I simplified the UI for the GitHub advisories. The additional details. CWE references, timestamps, etc. are now available in the detail modal. It's not complete but it's getting there. GitHub Advisories, which is currently only available to Elite subscribers, got some performance updates today. I'm thinking it will be available at the end of February but I haven't decided on what tier. Faster loading and filtering - Searching sorting and switching https://t.co/3qSEmilOIt" [X Link](https://x.com/DarkWebInformer/status/2021653109282681216) 2026-02-11T18:30Z 158.2K followers, [----] engagements

"I made some changes to the Keyword Notifications which only works for new blog posts. It is streamlined to use the same notification setup as the threat feeds but applies to blog posts to not interfere. Be sure to set up browser notifications for the threat feeds separately" [X Link](https://x.com/DarkWebInformer/status/2021674304530755807) 2026-02-11T19:54Z 158.2K followers, [----] engagements

"Chris Titus Tech's Windows Utility: It is meant to streamline installs, debloat with tweaks, troubleshoot with config, and fix Windows updates GitHub: https://github.com/ChrisTitusTech/winutil" [X Link](https://x.com/DarkWebInformer/status/2021683095032725920) 2026-02-11T20:29Z 158.2K followers, [----] engagements

"Odido Telecom Says Customer Data Compromised in Cyberattack The breach involves personal data from a customer contact system used by Odido. Approximately [---] million accounts are said to be affected. The intrusion was discovered several days ago. The following data was exposed according to Odido: Full name, Address and city of residence, Mobile number, Customer number, Email address, IBAN (bank account number), Date of birth, Identification details (passport or driver's license number and expiration date)" [X Link](https://x.com/DarkWebInformer/status/2021977514747302324) 2026-02-12T15:59Z 158.2K followers, [----] engagements

"The Hackers Who Trolled The FBI (twice) On March 15th [----] the FBI led a coordinated takedown of BreachForums, the largest data-leak forum on the internet, after years of silently tracking its members from Diogo Santos Coelho's RaidForums to Pompompurin's reign and Baphomet's brief attempt to keep it alive.
The operation unraveled a network of cybercriminals including ShinyHunters, a group behind some of the biggest corporate breaches in history, who had spent years openly trolling the FBI. https://twitter.com/i/web/status/2021985395081195767" [X Link](https://x.com/DarkWebInformer/status/2021985395081195767) 2026-02-12T16:30Z 158.2K followers, [----] engagements

"Video Credit: http://youtube.com/@ByPandemonium" [X Link](https://x.com/DarkWebInformer/status/2021985397937774879) 2026-02-12T16:31Z 158.2K followers, [----] engagements

"Ransomware Decryptor Database: A free searchable database of 150+ ransomware decryption tools. Search by name, file extension, or vendor. Mostly sourced from the No More Ransom Project. https://darkwebinformer.com/ransomware-decryptor-database/" [X Link](https://x.com/DarkWebInformer/status/2022001385991287161) 2026-02-12T17:34Z 158.2K followers, [----] engagements

"Source links go to the vendor's decryptor page not direct downloads. If you know of a link to a guide/decryptor source that isn't listed/missing. Let me know and I will verify and add it" [X Link](https://x.com/DarkWebInformer/status/2022001388004479386) 2026-02-12T17:34Z 158.2K followers, [----] engagements

"And so another chapter begins. A forum thread advertising Qilin RaaS activity alongside Cry0 has been spotted. The post openly recruits affiliates and outlines ransomware capabilities including selective encryption modes and shadow copy removal. https://t.co/RN1k1G0VfB" [X Link](https://x.com/DarkWebInformer/status/2022007610753659112) 2026-02-12T17:59Z 158.2K followers, [----] engagements

"CISA has added [--] vulnerabilities to the KEV Catalog CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user. CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations" [X Link](https://x.com/DarkWebInformer/status/2022020858974253458) 2026-02-12T18:51Z 158.2K followers, 11.7K engagements

"Ransomware Attack Update - February 12th [----] https://darkwebinformer.com/ransomware-attack-update-february-12th-2026/" [X Link](https://x.com/DarkWebInformer/status/2022076530885824792) 2026-02-12T22:33Z 158.2K followers, [----] engagements

"Email with the new design came broken will be fixed for tomorrow's email.
View from the website instead" [X Link](https://x.com/DarkWebInformer/status/2022099556629094903) 2026-02-13T00:04Z 158.2K followers, [----] engagements "π°ADT Inc has Filed ANOTHER Form 8-K due to a Cybersecurity Incident https://darkwebinformer.com/adt-inc-has-filed-another-form-8-k-due-to-a-cybersecurity-incident/ https://darkwebinformer.com/adt-inc-has-filed-another-form-8-k-due-to-a-cybersecurity-incident/" [X Link](https://x.com/DarkWebInformer/status/1843647164838490133) 2024-10-08T13:38Z 158.1K followers, [----] engagements "hackGPT: I leverage OpenAI and ChatGPT to do hackerish things Link: GitHub: https://github.com/NoDataFound/hackGPT http://hackGPT.com https://github.com/NoDataFound/hackGPT http://hackGPT.com" [X Link](https://x.com/DarkWebInformer/status/1926762230705541169) 2025-05-25T22:08Z 158.1K followers, 175.8K engagements "There appears to be a massive outage going on. Twitch Discord Google Cloud Google Google Meet Google Nest CharacterAI Etsy Khan Academy Google Drive Google Maps Pokemon TCG Dialpad Mailchimp HighLevel Amazon Web Services OpenAI Cloudflare Anthropic Breezeline Dragon Ball State Farm Embark Studios Gmail Rocket League DoorDash Wells Fargo Marvel MLB TV Google Gemini Fortnite Spotify Shopify Snapchat Tekken Box Equifax Roll20 Cursor Looker Studio FuboTV IKEA reCAPTCHA GitLab Steam Clover POS Systems AMC Theatres NPM" [X Link](https://x.com/DarkWebInformer/status/1933228066626494492) 2025-06-12T18:21Z 158.1K followers, 777K engagements "π¨π¨Archetyp Darknet Market the world's largest Darknet Market has been seized by law enforcement" [X Link](https://x.com/DarkWebInformer/status/1934542912328520059) 2025-06-16T09:25Z 158.2K followers, 168.8K engagements "π¨Alleged Data Breach of Hotel Regina Isabella 30K+ Guest Passport & ID Scans Industry: Hospitality / Luxury Resorts Threat Actor: mydocs Forum: DarkForums Network: Clearnet Dark Web Details: A threat actor is selling over [-----] high-resolution scans and photos of guest identity 
documents allegedly obtained from a private source linked to Hotel Regina Isabella a high-end resort located in Ischia Italy. The dataset includes a wide variety of global ID types and document formats. Leaked data includes: 30K+ guest identity document scans Document types: Passports (EU US Middle East) Italian ID" [X Link](https://x.com/DarkWebInformer/status/1952753161950617748) 2025-08-05T15:26Z 158.1K followers, [----] engagements "π¨D4RK 4RMY Ransomware Claims [--] New Victims Mizuha Financial Group Tsai Capital Onex Canada Asset Management Inc Magellan Financial Group Bridgewater Associates" [X Link](https://x.com/DarkWebInformer/status/1953497049669751180) 2025-08-07T16:42Z 158K followers, [----] engagements "InstagramPrivSniffer: Views Instagram private account's media without login GitHub: https://github.com/obitouka/InstagramPrivSniffer https://github.com/obitouka/InstagramPrivSniffer" [X Link](https://x.com/DarkWebInformer/status/1971266484321255492) 2025-09-25T17:32Z 158.1K followers, 174.4K engagements "iptv: Collection of publicly available IPTV channels from all over the world GitHub: Channels: (38065channel(s)) https://iptv-org.github.io/ https://github.com/iptv-org/iptv https://iptv-org.github.io/ https://github.com/iptv-org/iptv" [X Link](https://x.com/DarkWebInformer/status/1990549999416193212) 2025-11-17T22:37Z 158.1K followers, 309.5K engagements "π¨176 transfers have been made from the Silk Road crypto wallet in the last [--] hours https://intel.arkm.com/explorer/entity/silk-road https://intel.arkm.com/explorer/entity/silk-road" [X Link](https://x.com/DarkWebInformer/status/1998546770859798576) 2025-12-10T00:14Z 158.2K followers, 312.5K engagements "π¨BreachForums is back again. 
Clearnet: breachforums.bf Dark Web: http://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion IP: 91.215.85.48 ASN: [------] Server: Apache/2.4.65 (Debian) IP: 45.134.26.22 ASN: [------] Server: Apache/2.4.65 (Debian)" [X Link](https://x.com/DarkWebInformer/status/2000237028298899599) 2025-12-14T16:10Z 158.1K followers, 95.1K engagements "π¨ Alleged leak of CAF (Caisse dAllocations Familiales) Lines: [--------] Size: 15.3GB" [X Link](https://x.com/DarkWebInformer/status/2001450150238073342) 2025-12-18T00:31Z 158.2K followers, 76.1K engagements "π¨ Alleged Sale of Major Web3 Rewards Platform Database Affecting 467K Users" [X Link](https://x.com/DarkWebInformer/status/2003593149718098381) 2025-12-23T22:26Z 158K followers, [----] engagements "βThreat actor auctioning RDP access to an Italian manufacturing company π Italy Access Type: RDP Privileges: Domain User Hosts: [--] Threat Actor: Big-Bro Samples: No Auction Details: Start: $850 Step: $250 Flash/Blitz: $1500" [X Link](https://x.com/DarkWebInformer/status/2009421359064207661) 2026-01-09T00:25Z 157.9K followers, [----] engagements "π§leaker: A leak discovery tool that returns valid credential leaks for emails using passive online sources. GitHub: Nice password examples π https://github.com/vflame6/leaker https://github.com/vflame6/leaker" [X Link](https://x.com/DarkWebInformer/status/2010796350607335435) 2026-01-12T19:29Z 158.2K followers, 119K engagements "In October [----] a critical server-side flaw in Instagram made it possible for unauthenticated attackers to view private photos and captions without needing to log in or to follow the account. Instagram silently patched the vulnerability. Heres how the PoC worked" [X Link](https://x.com/DarkWebInformer/status/2015814625502076963) 2026-01-26T15:50Z 158.2K followers, 28.7K engagements "CVE-2026-24061: Telnet RCE Exploit GitHub: This script exploits the CVE-2026-24061 vulnerability in Telnet servers using a malformed USER environment variable. 
CVSS: [---] Usage: python telnet_rce.py host -p port Arguments: host: Target IP address or hostname (required) -p --port: Target port (default: 23) Example: python telnet_rce.py 192.168.1.100 python telnet_rce.py -p [--] http://example.com https://github.com/SafeBreach-Labs/CVE-2026-24061 http://example.com https://github.com/SafeBreach-Labs/CVE-2026-24061" [X Link](https://x.com/DarkWebInformer/status/2015939270662619431) 2026-01-27T00:05Z 158.2K followers, 46.5K engagements "A threat actor is selling a hidden crypto contract checker tool built in Go for $15000 ($12000 for the first buyer) which scans EVM addresses across multiple networks including Ethereum BSC Polygon Arbitrum and Avalanche to identify contracts with hidden balances not detected by platforms like DeBank with lifetime updates and planned XMR Monero and Solana support. https://twitter.com/i/web/status/2018362829015781760 https://twitter.com/i/web/status/2018362829015781760" [X Link](https://x.com/DarkWebInformer/status/2018362829015781760) 2026-02-02T16:36Z 158.1K followers, 31.8K engagements "AutoPentestX - Linux Automated Pentesting & Vulnerability Reporting Tool GitHub: https://github.com/Gowtham-Darkseid/AutoPentestX https://github.com/Gowtham-Darkseid/AutoPentestX" [X Link](https://x.com/DarkWebInformer/status/2018388181960347886) 2026-02-02T18:16Z 158.2K followers, 38.2K engagements "Confidential military data from SEKISUI Aerospace Corporation a Tier [--] supplier for Boeing 737/787 programs and U.S. military contracts is allegedly being sold for $200000. The [--] GB package reportedly contains ITAR/export-controlled engineering drawings STEP and CATIA files bills of materials with Boeing part numbers tooling and fixture data and 3D assembly models tied to programs for Boeing Commercial Boeing Defense NASA Lockheed Martin and Northrop Grumman. 
https://twitter.com/i/web/status/2018719471364403300 https://twitter.com/i/web/status/2018719471364403300" [X Link](https://x.com/DarkWebInformer/status/2018719471364403300) 2026-02-03T16:13Z 158.1K followers, [----] engagements "CISA has added [--] vulnerabilities to the KEV Catalog CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability https://darkwebinformer.com/cisa-kev-catalog/ https://darkwebinformer.com/cisa-kev-catalog/" [X Link](https://x.com/DarkWebInformer/status/2018771462761443359) 2026-02-03T19:39Z 158K followers, [----] engagements "CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability https://x.com/DarkWebInformer/status/2016936977430695962 SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551 CVE-2025-40552 CVE-2025-40553 CVE-2025-40554 CVSS: All [---] CVEs Published: January 28th [----] CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data https://t.co/sLpMXScxsC https://x.com/DarkWebInformer/status/2016936977430695962 SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551 CVE-2025-40552" [X Link](https://x.com/DarkWebInformer/status/2018771709164191796) 2026-02-03T19:40Z 157.9K followers, [----] engagements "500 "validated" Fortinet VPN credentials collected from stealer logs are being auctioned with duplicates removed and validity confirmed via Tmchecker across multiple countries. The auction starts at $1500 with a flash price of $3000" [X Link](https://x.com/DarkWebInformer/status/2019078850433462415) 2026-02-04T16:01Z 158K followers, [----] engagements "The IOC darkforums.io domain has been suspended. 
The new IOC domain is darkforums.me" [X Link](https://x.com/DarkWebInformer/status/2019169526772818087) 2026-02-04T22:01Z 158.2K followers, 23.6K engagements ".cz BreachForums was briefly defaced by what looks like a XSS vuln in XenForo. XenForo is a popular forum platform that I have seen used by a lot of actors most of which I have identified in my Threat-Surface repo on GitHub. Credit to antisocial for sending the video" [X Link](https://x.com/DarkWebInformer/status/2019186220891533608) 2026-02-04T23:08Z 158.2K followers, 15.8K engagements "Incognito Market Owner "Pharaoh" Sentenced to [--] Years for Running $105M Dark Web Drug Empire Rui-Siang Lin a 24-year-old Taiwanese national who operated under the pseudonym "Pharaoh" was sentenced to [--] years in federal prison on February [--] [----] for running Incognito Market one of the largest dark web narcotics marketplaces ever created. The platform which operated from October [----] until its closure in March [----] facilitated over [------] drug transactions totaling more than $105 million in sales. Its inventory included over [----] kilograms each of cocaine and methamphetamine along with" [X Link](https://x.com/DarkWebInformer/status/2019448598413603166) 2026-02-05T16:30Z 158K followers, 22.3K engagements "Dutch authorities just seized one Windscribe VPN server without a warrant claiming they'll return it after they "fully analyze it." They say their real concern "is the unredacted Epstein files we had on there."" [X Link](https://x.com/DarkWebInformer/status/2019566927782506890) 2026-02-06T00:20Z 158.2K followers, 15.8K engagements "A dataset of [-----] cryptocurrency leads is being sold for $5000 with only one copy available. The data allegedly collected from advertising campaigns includes [-----] unique phone numbers and [-----] unique emails spanning multiple countries including Australia UK Canada France and over [--] others. Records contain names contact details registration dates and country information. 
https://twitter.com/i/web/status/2019798289630081182 https://twitter.com/i/web/status/2019798289630081182" [X Link](https://x.com/DarkWebInformer/status/2019798289630081182) 2026-02-06T15:40Z 158.1K followers, [----] engagements "An initial access broker is selling full control access to two separate targets for $300 each. A European private file host and the second is a private AI business communications infrastructure platform. Both listings claim Linux OS firewall device access and root RCE with shell and network admin panel permissions. https://twitter.com/i/web/status/2020557187672686914 https://twitter.com/i/web/status/2020557187672686914" [X Link](https://x.com/DarkWebInformer/status/2020557187672686914) 2026-02-08T17:55Z 158.1K followers, 10K engagements "β A data set allegedly from casio.ru the Russian arm of Casio has been posted with over [--] million records. The data includes full names cities addresses phone numbers and country fields. Sample records show Russian citizens from cities including Tyumen Magnitogorsk Nizhny Tagil Ekaterinburg Chelyabinsk and Surgut. 
https://twitter.com/i/web/status/2021263319345045744 https://twitter.com/i/web/status/2021263319345045744" [X Link](https://x.com/DarkWebInformer/status/2021263319345045744) 2026-02-10T16:41Z 158.1K followers, [----] engagements "XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Enables Identity Tampering and Unauthorized Access (CVE-2026-23687) https://darkwebinformer.com/xml-signature-wrapping-vulnerability-in-sap-netweaver-abap-allegedly-enables-identity-tampering-and-unauthorized-access-cve-2026-23687/ https://darkwebinformer.com/xml-signature-wrapping-vulnerability-in-sap-netweaver-abap-allegedly-enables-identity-tampering-and-unauthorized-access-cve-2026-23687/" [X Link](https://x.com/DarkWebInformer/status/2021281210136170650) 2026-02-10T17:52Z 158.1K followers, [----] engagements "CISA has added [--] vulnerabilities to the KEV Catalog CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. CVE-2026-21510: Microsoft Windows Shell Protection Mechanism" [X Link](https://x.com/DarkWebInformer/status/2021296309005594928) 2026-02-10T18:52Z 158.2K followers, [----] engagements "New Forum: TierOne a/k/a T1erOne jprrin6bqe3flvtpyxkt4zsmzc3u6vvn7ahgtcbul224w3xn4h3gawid.onion t1eron3.vip Credit: @club31337" [X Link](https://x.com/DarkWebInformer/status/2022004161458712898) 2026-02-12T17:45Z 158.2K followers, [----] engagements "π₯ Working on a new open source script that will be uploaded to GitHub sometime this month. It scans a base domain (example darkforums) across 224+ TLDs to find every registered variant. 
For each hit it pulls DNS records WHOIS registration data (registrar creation date registrant) TLS certificates and HTTP details including the page title. It flags newly registered domains suspicious TLDs parked pages and privacy-protected WHOIS. It outputs clickable terminal links auto-saves results to JSON with scan-over-scan diffing to catch new registrations. Python code with no APIs no dependencies no" [X Link](https://x.com/DarkWebInformer/status/2019824487198347427) 2026-02-06T17:24Z 158.2K followers, [----] engagements "β Effective Feb 12th the @DarkWebIntelBot will be parked and will no longer provide intel. X released a pay-per-use API shortly after I made the below post and deprecated the free tier altogether. It's no longer worth maintaining. The @DarkWebIntelBot that uses the X API is going to go back to the free tier when this billing cycle is over. It is not worth the $200 a month and could be better used towards infrastructure. All the current alerts on that account will still flow but will likely be rate The @DarkWebIntelBot that uses the X API is going to go back to the free tier when this billing" [X Link](https://x.com/DarkWebInformer/status/2020594011682345232) 2026-02-08T20:22Z 158.2K followers, 15K engagements "β A threat actor is auctioning domain admin access to a U.S. construction management company with an estimated revenue of $20 million. The listing specifies Fortinet VPN access with SentinelOne antivirus in place. The auction starts at $2000 with a $500 step and a blitz price of $4000. 
https://twitter.com/i/web/status/2020895111630979114 https://twitter.com/i/web/status/2020895111630979114" [X Link](https://x.com/DarkWebInformer/status/2020895111630979114) 2026-02-09T16:18Z 158.2K followers, [----] engagements "CVE-2025-1974: Kubernetes IngressNightmare Vulnerability CVSS: [---] PoC: PoC Published: March 26th [----] https://github.com/hakaioffsec/IngressNightmare-PoC https://github.com/hakaioffsec/IngressNightmare-PoC" [X Link](https://x.com/DarkWebInformer/status/2021023687680589873) 2026-02-10T00:49Z 158.2K followers, 15.5K engagements "Domain user access to a Saudi Arabian airports and air services transportation company with $650K+ in revenue is being auctioned. The listing claims RDWEB access [--] domain controllers [----] domain computers a publicly traded company (stock symbol noted) and Micro Trend antivirus. Auction starts at $3500 with a blitz price of $4500. https://twitter.com/i/web/status/2021265154281804055 https://twitter.com/i/web/status/2021265154281804055" [X Link](https://x.com/DarkWebInformer/status/2021265154281804055) 2026-02-10T16:49Z 158.2K followers, [----] engagements "Access to the Colombian Government Emergency Response Agency is being sold for $300 with root RCE shell and network admin panel on a Linux firewall device" [X Link](https://x.com/DarkWebInformer/status/2021346448366010793) 2026-02-10T22:12Z 158.2K followers, 61K engagements "Root RCE and full admin panel access to a Chinese agentic AI edge-as-a-service (EaaS) corporation is being sold for $200. The target runs Linux with firewall device access" [X Link](https://x.com/DarkWebInformer/status/2021346913707282588) 2026-02-10T22:13Z 158.2K followers, 10.6K engagements "2/3 Domain user access to an Australian retail company with $20M in revenue is being auctioned. The listing specifies Sophos VPN access. 
Auction starts at $1500 with a blitz price of $3000" [X Link](https://x.com/DarkWebInformer/status/2021622090185720154) 2026-02-11T16:27Z 158.2K followers, [----] engagements "Video Credit: Video Date: September 14th [----] http://youtube.com/@Quantum-Hacker http://youtube.com/@Quantum-Hacker" [X Link](https://x.com/DarkWebInformer/status/2021648295425388759) 2026-02-11T18:11Z 158.2K followers, [----] engagements "PLAY Ransomware has added four new victims to its leak site: Northbridge A commercial real estate investment and development firm. Makivik The legal representative corporation for Inuit beneficiaries of the James Bay and Northern Quebec Agreement. Catalanatto & Barnes A certified public accounting and advisory firm. Altak A construction and industrial services company. http://altakinc.com http://bscatcpa.com http://makivik.org http://northbridgecre.com http://altakinc.com http://bscatcpa.com http://makivik.org http://northbridgecre.com" [X Link](https://x.com/DarkWebInformer/status/2021680747573104926) 2026-02-11T20:20Z 158.2K followers, [----] engagements "YouTube appears to be down at least for some of us. π" [X Link](https://x.com/DarkWebInformer/status/2021686006760477062) 2026-02-11T20:41Z 158.2K followers, 12.4K engagements "π¨ A threat actor is allegedly selling access and data from a Spain-based business association on a hacking forum. The listing allegedly includes: Foothold/access to internal office network Email credentials (6000+ contacts in address book) Employee email credentials Email marketing account (3000+ contacts) Cloud storage access Social media accounts Extracted member PII (name DNI/ID NIF address email phone business name IBAN etc.) The threat actor is asking for $1000. 
https://twitter.com/i/web/status/2021694529783382429 https://twitter.com/i/web/status/2021694529783382429" [X Link](https://x.com/DarkWebInformer/status/2021694529783382429) 2026-02-11T21:15Z 158.2K followers, [----] engagements "$1000 Bug Bounty 2FA bypass due to CSRF misconfiguration POC on demo website Writeup: https://medium.com/@sharp488/2fa-bypass-on-private-bug-bounty-program-due-to-csrf-token-misconfiguration-5a9c82151a1 https://medium.com/@sharp488/2fa-bypass-on-private-bug-bounty-program-due-to-csrf-token-misconfiguration-5a9c82151a1" [X Link](https://x.com/DarkWebInformer/status/2021730355141579212) 2026-02-11T23:37Z 158.2K followers, 12.8K engagements "β German motorcycle site allegedly breached including live MySQL access and full banking data offered for sale π Germany Type: Data Breach / Initial Access Threat actor: OpenBullet Records: 75394+ SEPA records [-----] bank transactions [----] PayPal orders Samples: Yes The dataset includes SEPA direct debits bank transactions dating back to [----] user bank accounts PayPal order records and payment method details. Email and hashed password data is also allegedly included. Data includes: Full customer IBANs BICs account holder names sender names bank account numbers (Kontonummer/BLZ) transaction" [X Link](https://x.com/DarkWebInformer/status/2021974328997261684) 2026-02-12T15:47Z 158.2K followers, [----] engagements "CISA added one more vulnerability to the KEV Catalog today. CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. 
CISA has added [--] vulnerabilities to the KEV Catalog CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater contains a download of code without integrity check vulnerability that could allow an attacker to" [X Link](https://x.com/DarkWebInformer/status/2022048243635376174) 2026-02-12T20:40Z 158.2K followers, [----] engagements "A threat actor is selling an alleged critical severity OpenSea 0-day exploit chain for $100000 USD (BTC/XMR). The threat actor claims the exploit affects OpenSea's Seaport order validation logic on Ethereum Main Net Polygon and Blast enabling forced transfer of high-value NFTs at [--] ETH bypassing listing approvals and working on both active and inactive listings. The seller claims the vulnerability is unpatched and undisclosed. https://twitter.com/i/web/status/2022081741196869905 https://twitter.com/i/web/status/2022081741196869905" [X Link](https://x.com/DarkWebInformer/status/2022081741196869905) 2026-02-12T22:53Z 158.2K followers, 64.7K engagements "I am no longer posting on Infosec Exchange or Telegram. Infosec Exchange was never really for me and Telegram has become difficult to manage with six channels. Its more manageable to focus on just two platforms (X and Discord) instead of having to follow up on [--]. It also makes things easier not having to copy and paste content across multiple socials. I will still be hiding on Telegram just not posting. I also do not have a username there. Other than that everything else remains the same when it comes to seeing posts on social media. http://darkwebinformer.com/socials" [X Link](https://x.com/DarkWebInformer/status/2022110554425336016) 2026-02-13T00:48Z 158.2K followers, [----] engagements "ShinyHunters claims Figure Technology Solutions Inc. as a victim" [X Link](https://x.com/DarkWebInformer/status/2022121228883177676) 2026-02-13T01:30Z 158.2K followers, [----] engagements Limited data mode. 
Full metrics available with subscription: lunarcrush.com/pricing
"mydocs has posted the following claims in just [--] days. Best Western Hotel Hotel Ercolini e Savi Hotel Sanpi Milano Mediolanum Hotel Leonardo Hotels Savoia resort Astoria Suite Hotel Hotel Continentale Hotel Ca dei Conti Casa Dorita Hotel Regina Isabella Portals Hills Boutique Hotel https://twitter.com/i/web/status/1955778859955085673 https://twitter.com/i/web/status/1955778859955085673"
X Link 2025-08-13T23:49Z 157.9K followers, [----] engagements
"Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total Hybrid Analysis URLHaus Polyswarm Malshare Alien Vault Malpedia Malware Bazaar ThreatFox Triage InQuest VxExchange and IPInfo. GitHub: https://github.com/alexandreborges/malwoverview https://github.com/alexandreborges/malwoverview"
X Link 2025-08-23T21:14Z 157.9K followers, 34.2K engagements
"π¨ Simon Property Group has Fallen Victim to MEDUSA Ransomware π United States Industry: Real Estate / Retail Threat Actor: Unverified (Dark Web Listing) Network: Dark Web π§ A ransomware group has allegedly listed Simon Property Group as a victim of ransomware. The listing claims to include sensitive company data and employee information from the real estate investment trust (REIT) headquartered in Indianapolis Indiana. Simon Property Group owns and operates major U.S. retail and outlet centers including Premium Outlets and The Mills. https://twitter.com/i/web/status/1983565405743391027"
X Link 2025-10-29T16:03Z 156.7K followers, [----] engagements
"π¨ New Ransomware Claims Posted Today Anubis Trumbull County Benzona CoinbaseCartel Renesas Electronics DataCarry Camomilla Dragonforce Jack Levine Precision Compounding Embargo Everest Benchmark Electronics Inc Handala From Shield to Shame Incransom Kazu CT Dent Ltd Lynx Trucash Nightspire Ermat Grup Nova ANG BROTHERS (M&E) PTE. LTD. (P3) qilin Canvas Church Diesel Electric Kasapreko Khazzan Logistics Towerstream UniqueTech Engineering Rhysida SODISE http://www.toc.co.jp http://www.mylawcompany.com http://bennett.edu http://lso.com http://platinumone.in http://www.toc.co.jp"
X Link 2025-12-06T23:05Z 157.9K followers, [----] engagements
"π¨ Threat actor selling 340GB of data allegedly obtained from impacting French energy and construction sector entities including EDF Power Plants and multiple Eiffage and Bouygues-related projects advertised on a dark web forum. π France Industry: Energy/Construction Type: Data Leak Threat Actor: Angel_Batista Samples: Yes Major companies affected: - lectricit de France SA (93.7 GB) - Data from EDF Power Plant including CRUAS GRAVELINES BUGEY ST LAURENT DAMPIERRE and TRICASTIN - Eiffage S.A. (153 GB) - Eiffage Construction/Energie/Genie Civil/Immobilier/Rail Additional companies (full list"
X Link 2026-01-05T15:30Z 157.9K followers, [----] engagements
"KPMG has been claimed a victim to Nova Ransomware"
X Link 2026-01-23T17:58Z 156.2K followers, 26.2K engagements
"Warren County Sheriffs Office has been claimed a victim to RansomHouse Ransomware"
X Link 2026-01-23T18:17Z 156.8K followers, [----] engagements
"CISA has added [--] vulnerabilities to the KEV Catalog CVE-2024-37079: Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability CVE-2025-68645: Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability CVE-2025-34026: Versa Concerto Improper Authentication Vulnerability CVE-2025-31125: Vite Vitejs Improper Access Control Vulnerability CVE-2025-54313: Prettier eslint-config-prettier Embedded Malicious Code Vulnerability https://darkwebinformer.com/cisa-kev-catalog/ https://darkwebinformer.com/cisa-kev-catalog/ https://darkwebinformer.com/cisa-kev-catalog/"
X Link 2026-01-23T19:52Z 156.5K followers, [----] engagements
"Video Darknet Bible: The Ultimate OpSec Guide "Stephen Sims joins David Bombal to discuss Operational Security (OpSec) through the lens of the "Darknet Marketplace Bible" (DNM Bible). While this document is originally designed to help criminals evade law enforcement while buying illegal goods Stephen argues it is an excellent resource for cybersecurity professionals journalists and privacy advocates to learn high-level anonymity and encryption techniques." https://www.youtube.com/watchv=cYVOe7k1N7w https://www.youtube.com/watchv=cYVOe7k1N7w https://www.youtube.com/watchv=cYVOe7k1N7w"
X Link 2026-01-23T22:04Z 156.3K followers, [----] engagements
"ShinyHunters Claims CarMax Inc. as a victim"
X Link 2026-01-24T00:45Z 157.9K followers, 38.8K engagements
"Clawdbot: A personal AI assistant you run on your own devices. GitHub: Clawdbot answers you on the channels you already use (WhatsApp Telegram Slack Discord Google Chat Signal iMessage Microsoft Teams WebChat) plus extension channels like BlueBubbles Matrix Zalo and Zalo Personal. It can speak and listen on macOS/iOS/Android and can render a live Canvas you control. https://github.com/clawdbot/clawdbot https://github.com/clawdbot/clawdbot https://github.com/clawdbot/clawdbot https://github.com/clawdbot/clawdbot"
X Link 2026-01-25T01:58Z 156.2K followers, [----] engagements
"A data set tied to Ledger users is being sold on a cybercrime forum with the seller claiming [----] records. Sample entries shared in the thread list Australia as the country. The leak is being presented as newly exposed Ledger customer information"
X Link 2026-01-25T23:54Z 156.2K followers, 63.6K engagements
"β Dread has been down for a while. It is a technical issue related to the load balancer crashing. Will update if any other information comes forward"
X Link 2026-01-26T19:35Z 156.2K followers, [----] engagements
"The DOJ recently added an Akamai captcha to its press release site which caused my original script to stop working. It was easily bypassed as you can see. However instead of using specific keywords to catch cyber related articles I decided to have it send all articles to X and Telegram so nothing is missed. So if something comes from the DOJ that is not cyber related now you know why. π¨ DOJ Press Release Date: 26/01/2026 Title: Former NATO Official and Turkish Defense Contractor Indicted for Bribery Scheme Related to Military Contracts https://t.co/WMkbwSfz0q π¨ DOJ Press Release Date:"
X Link 2026-01-26T21:58Z 156.2K followers, [----] engagements
"CISA has added [--] vulnerabilities to the KEV Catalog CVE-2018-14634: Linux Kernel Integer Overflow Vulnerability CVE-2025-52691: SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability CVE-2026-23760: SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability CVE-2026-24061: GNU InetUtils Argument Injection Vulnerability CVE-2026-21509: Microsoft Office Security Feature Bypass Vulnerability https://darkwebinformer.com/cisa-kev-catalog/ https://darkwebinformer.com/cisa-kev-catalog/ https://darkwebinformer.com/cisa-kev-catalog/"
X Link 2026-01-27T00:26Z 156.5K followers, [----] engagements
"I am no longer posting on LinkedIn. A short time ago I was logged out of my account and after logging back in it is requiring me to verify my identity by providing a government-issued ID. With that being said. I only now post on the following socials: X Infosec Exchange Telegram Discord. My last known follower account was 12.8K. π«‘ https://twitter.com/i/web/status/2016170657571062030 https://twitter.com/i/web/status/2016170657571062030"
X Link 2026-01-27T15:25Z 156.7K followers, 21.5K engagements
"To the guy who paid for a year by Monero I upgraded your account. It was an issue on my end with seeing the invoice. I signed you out you just need to sign back in"
X Link 2026-01-27T19:03Z 156.3K followers, [----] engagements
"CVE-2025-2294: Kubio AI Page Builder = 2.5.1 - Unauthenticated Local File Inclusion GitHub: CVSS: [---] https://github.com/fumioryoto/CVE-2025-2294-Kubio-2.5.1-LFi-Checker https://github.com/fumioryoto/CVE-2025-2294-Kubio-2.5.1-LFi-Checker"
X Link 2026-01-27T20:17Z 156.5K followers, [----] engagements
"CVE-2026-22794: Appsmith Password Reset Account Takeover via Origin Header Injection GitHub: CVSS: [---] Writeup: https://www.resecurity.com/blog/article/cve-2026-22794-changing-the-origin-header-to-take-over-appsmith-accounts https://github.com/MalikHamza7/CVE-2026-22794-POC https://www.resecurity.com/blog/article/cve-2026-22794-changing-the-origin-header-to-take-over-appsmith-accounts https://github.com/MalikHamza7/CVE-2026-22794-POC"
X Link 2026-01-27T20:57Z 156.5K followers, 10.3K engagements
"3000$ Bug Bounty Reward from Microsoft Forms: Reflected XSS Vulnerability Writeup: https://infosecwriteups.com/reflected-xss-leads-to-3-000-bug-bounty-rewards-from-microsoft-forms-efe34fc6b261 https://infosecwriteups.com/reflected-xss-leads-to-3-000-bug-bounty-rewards-from-microsoft-forms-efe34fc6b261"
X Link 2026-01-27T21:41Z 156.7K followers, 24K engagements
"CVE-2026-24858: Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability Severity: Critical CVSS: [---] Zero Day: Yes CVE Published: January 27th [----] Advisory: An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5 FortiAnalyzer 7.4.0 through 7.4.9 FortiAnalyzer 7.2.0 through 7.2.11 FortiAnalyzer 7.0.0 through 7.0.15 FortiManager 7.6.0 through 7.6.5 FortiManager 7.4.0 through 7.4.9 FortiManager 7.2.0 through 7.2.11 FortiManager 7.0.0 through 7.0.15 FortiOS 7.6.0"
X Link 2026-01-28T00:01Z 156.5K followers, 46.7K engagements
"Cl0p Ransomware Claims [--] More Victims Nextphaze Etto Australia The Hale Road MRA Group Podiatry WA RMW Group Ventnor Y Architecture Studio Roberts Designs Sky Excavations Whole IT"
X Link 2026-01-28T01:17Z 156.6K followers, [----] engagements
"ShinyHunters Claims Match Group Data Leak: 10M Hinge Match & OkCupid Records and Internal Documents Exposed (1.7GB)"
X Link 2026-01-28T02:44Z 157.3K followers, [----] engagements
"Stallman the owner of Ramp had this to say about the seizure. Translated: To all whom this concerns: With regret I inform you that law enforcement agencies have gained control over the Ramp forum. This event destroyed years of my work to create the most free forum in the world and although I hoped this day would never come deep down I always understood that it was possible. This is the risk we all take. Despite the fact that I no longer control Ramp and will not be creating a new forum from scratch I will continue to buy accesses. My core business remains unchanged. If you have something you"
X Link 2026-01-28T16:14Z 156.5K followers, [----] engagements
"β Sorb claims to sell 897K Cuban student records from Ministry of Higher Education including ID cards political affiliation military details and parents' information"
X Link 2026-01-28T16:28Z 157.9K followers, [----] engagements
"Bumble Inc has been claimed a victim to ShinyHunters Files primarily from Google Drive and Slack [--] GB (Compressed)"
X Link 2026-01-28T20:37Z 157.9K followers, [----] engagements
"βCVE-2025-52691: SmarterMail Authentication Bypass and RCE PoC https://darkwebinformer.com/cve-2025-52691-smartermail-authentication-bypass-and-rce-poc/ https://darkwebinformer.com/cve-2025-52691-smartermail-authentication-bypass-and-rce-poc/"
X Link 2026-01-28T21:04Z 156.5K followers, [----] engagements
"Leaking the phone number of any Google user ($5k bounty) This vulnerability was submitted to Google's VRP program and awarded a $5000 bounty. It has since been patched. Writeup: https://brutecat.com/articles/leaking-google-phones https://brutecat.com/articles/leaking-google-phones"
X Link 2026-01-28T21:38Z 156.7K followers, 97.3K engagements
"RAMP4u admin panel user list and messages allegedly up for sale after being seized yesterday by law enforcement"
X Link 2026-01-29T15:50Z 156.7K followers, 16.7K engagements
"Flex The U.S. Marshals Service has confirmed it is investigating a potential compromise of government digital-asset accounts by John (Lick) according to Bloomberg News which cited an email from the agency. The incident was initially uncovered by blockchain investigator @zachxbt. https://t.co/TIiZoTbJp8 The U.S. Marshals Service has confirmed it is investigating a potential compromise of government digital-asset accounts by John (Lick) according to Bloomberg News which cited an email from the agency. The incident was initially uncovered by blockchain investigator @zachxbt."
X Link 2026-01-29T17:06Z 156.4K followers, 36.7K engagements
"Threat Actor "ally549" is Allegedly Selling Fresh [----] SSN+DOB+DL Fullz Data Covering USA UK and Canada with Over [---] Million Records"
X Link 2026-01-29T17:56Z 156.5K followers, 11.1K engagements
"SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551 CVE-2025-40552 CVE-2025-40553 CVE-2025-40554 CVSS: All [---] CVEs Published: January 28th [----] CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution which would allow an attacker to run commands on the host machine. This could be exploited without authentication. CVE-2025-40552: SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited would allow a"
X Link 2026-01-29T18:10Z 156.7K followers, [----] engagements
"Advisories: https://nvd.nist.gov/vuln/detail/CVE-2025-40554 https://nvd.nist.gov/vuln/detail/CVE-2025-40553 https://nvd.nist.gov/vuln/detail/CVE-2025-40552 https://nvd.nist.gov/vuln/detail/CVE-2025-40551 https://nvd.nist.gov/vuln/detail/CVE-2025-40554 https://nvd.nist.gov/vuln/detail/CVE-2025-40553 https://nvd.nist.gov/vuln/detail/CVE-2025-40552 https://nvd.nist.gov/vuln/detail/CVE-2025-40551"
X Link 2026-01-29T18:10Z 156.6K followers, [----] engagements
"Why Hackers Get Caught (Bad OPSEC)"
X Link 2026-01-29T18:35Z 157.3K followers, 10.1K engagements
"CVE-2026-0920: Explanation and payload of the recent vulnerability in the LA-Studio Element WordPress plugin. PoC/Exploit: CVSS: [---] CVE Published: January 22nd [----] Advisory: https://github.com/advisories/GHSA-m3h4-65j5-6j8c https://github.com/John-doe-code-a11/CVE-2026-0920 https://github.com/advisories/GHSA-m3h4-65j5-6j8c https://github.com/John-doe-code-a11/CVE-2026-0920"
X Link 2026-01-29T20:49Z 156.5K followers, [----] engagements
"CVE-2026-1056: Snow Monkey Forms = 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal PoC/Exploit: CVSS: [---] CVE Published: January 28th [----] Advisory: https://github.com/advisories/GHSA-g5p3-f4cq-94v5 https://github.com/ch4r0nn/CVE-2026-1056-POC https://github.com/advisories/GHSA-g5p3-f4cq-94v5 https://github.com/ch4r0nn/CVE-2026-1056-POC"
X Link 2026-01-29T21:15Z 156.5K followers, [----] engagements
"A XSS vulnerability took control of BreachForums about an hour and a half ago. It has since been fixed. Credit: Nicotine"
X Link 2026-01-29T21:39Z 157.4K followers, 48.5K engagements
"β A threat actor known as "butcher" is auctioning [---] US credit cards (38 credit/62 debit) allegedly obtained via phishing with a starting bid of $800 and a flash price of $1200 claiming 85-95% validity"
X Link 2026-01-30T01:02Z 156.6K followers, [----] engagements
"John (Lick) launched a Discord Wumpus-themed token that spiked to roughly a $3 million market cap. Insiders quickly dumped their holdings collectively pocketing over $200k in profits. John rug pulled his community & then deleted his Telegram account https://solscan.io/account/GkkvqnXsiZTsYpX9vRikgRKMdPXauDTj3gt14yJAVgb2 https://solscan.io/account/GkkvqnXsiZTsYpX9vRikgRKMdPXauDTj3gt14yJAVgb2"
X Link 2026-01-30T17:37Z 156.7K followers, 28.7K engagements
"0APT Ransomware Claim [--] Victims π FutureTech AI Urban Outfitters Ltd π National Rail Network CryptoVault Exchange Elite Hospitality Group Noble Pharma π Rapid Courier Services π Global News Corp π Zenith Telecom π Visionary Architects π Titan Construction π Metro General Hospital Obsidian Tech Labs π Diamond Deep Drilling π Solaris Renewable Energy π Sapphire Jewelry π Pacific Ocean Cargo π IronClad Security π Emerald Agriculture π GreenValley Agriculture π Crimson Fashion House π Golden Chip Casino π EduTech Systems Silver City Bank π Unity Insurance π Blue Water"
X Link 2026-01-30T18:19Z 157.9K followers, [----] engagements
"β GoodL7 PROOF targeted the website of Petroleum Authority of Brunei Darussalam"
X Link 2026-01-30T18:34Z 157.7K followers, [----] engagements
"CVE-2026-0755: Reported Zero-Day in Gemini MCP Tool Could Allow Remote Code Execution Zero-Day: Yes CVSS: [---] CVE Published: January 23rd [----] Affected Vendor: Gemini MCP Tool Vulnerability Type: Remote Code Execution (RCE) Advisory: https://github.com/advisories/GHSA-28qq-5f47-r5x2 https://github.com/advisories/GHSA-28qq-5f47-r5x2"
X Link 2026-01-30T19:05Z 156.4K followers, [----] engagements
"The XSS vulnerability that was used by Nicotine against BreachForums has provided exfiltration data as part of the leak. Some of the initial information I gathered from the shared file: Session cookies: MyBB forum cookies (mybblastvisit mybblastactive sid mybbuser dcap) that could allow session hijacking IP addresses: Both local IPs and public IPs of victims Browser fingerprinting data: User agent screen resolution hardware specs (CPU cores RAM) platform timezone language Browsing context: Current URL referrer URL showing navigation path localStorage/sessionStorage: Any stored browser data"
X Link 2026-01-30T20:33Z 156.2K followers, [----] engagements
"You can find the link in my Telegram which is in my X bio"
X Link 2026-01-30T20:33Z 156.4K followers, [----] engagements
"β A threat actor has allegedly leaked data from Iberdrola a Spanish multinational energy company claiming [----] files were exfiltrated on May [--] [----] containing customer account details phone numbers DNI/NIF identification addresses IBAN numbers and service information. https://twitter.com/i/web/status/2017338728562242008 https://twitter.com/i/web/status/2017338728562242008"
X Link 2026-01-30T20:46Z 156.6K followers, [----] engagements
"All the time"
X Link 2026-01-30T21:07Z 156.3K followers, [----] engagements
"β UXBERT Labs source code allegedly leaked in data breach"
X Link 2026-01-30T21:25Z 156.4K followers, [----] engagements
"β More malware source code"
X Link 2026-01-31T00:44Z 157.4K followers, 28.8K engagements
"Hearing a lot about Stopice.net having plate tracker images defaced and then the website being completely hacked all within the last [--] hours or so. I've attached images. This site is literally the weirdest fucking thing I've seen all year. This is some of the information I was able to gather. A lot of errors show up in the console when visiting the site the JS/CSS path is completely open among other things. It's definitely incredibly vulnerable. IP: 216.243.62.131 ASN: [-----] ASName: Wave Broadband Server: openresty cPanel: Webmail: /js/ /css/ Stop ICE Raids Alert Network: IP: 15.235.11.14"
X Link 2026-01-31T02:48Z 156.5K followers, 23.9K engagements
"Threat actor avatars/aliases still going wild lol"
X Link 2026-01-31T16:22Z 156.3K followers, 10.8K engagements
"The PoC CVE Explorer is coming along. There is obviously no way to verify almost 90K or so PoCs so I placed a disclaimer at the top. Also enriching with the details of the repo is kind of a pain. This is still likely available at the end of February at the earliest. No spot checks have been done yet either. https://twitter.com/i/web/status/2017666263745474919 https://twitter.com/i/web/status/2017666263745474919"
X Link 2026-01-31T18:28Z 157.4K followers, [----] engagements
"I was just informed by Spamhaus/@abuse_ch that I am now required to have a commercial license in order to use their API. As you know I use their API for the two IOCs feeds which is also used on my API for customers. Not sure of a solution to replace these. If not I will be taking them down when they start denying my access. https://twitter.com/i/web/status/2017697253771591822 https://twitter.com/i/web/status/2017697253771591822"
X Link 2026-01-31T20:31Z 156.4K followers, 13.8K engagements
"@IntCyberDigest sup my guy @_snagg"
X Link 2026-02-01T01:01Z 157.5K followers, 30.9K engagements
"CVE-2026-1281: Safe indicator check for Ivanti EPMM & CVE-2026-1340 related paths GitHub: https://github.com/Ashwesker/Ashwesker-CVE-2026-1281 https://github.com/Ashwesker/Ashwesker-CVE-2026-1281"
X Link 2026-02-01T21:13Z 156.6K followers, [----] engagements
"β ExploitPack.com has allegedly been compromised by a threat actor who claims to have exploited a vulnerability on the site to exfiltrate all exploits spanning [--------] totaling approximately [---] MB of data including exploit code shellcodes and related files with plans to release additional kernel and control pack exploits soon. https://twitter.com/i/web/status/2018076454030897527 https://twitter.com/i/web/status/2018076454030897527"
X Link 2026-02-01T21:38Z 156.5K followers, 26.3K engagements
"Polycom now by the name Poly Inc. has fallen victim to Everest Ransomware Allegedly [--] GB of data stolen Revenue: $1.73 Billion (FY 2021)"
X Link 2026-02-01T22:50Z 157.9K followers, [----] engagements
"Iron Mountain has been claimed a victim to Everest Ransomware Iron Mountain is a large publicly traded information management firm generating around $6.6 billion in annual revenue"
X Link 2026-02-02T00:24Z 156.8K followers, [----] engagements
"β a Spanish outdoor and nature app platform has allegedly had its user database leaked by "IntelShadow" exposing [------] total lines with [----] containing relevant user data including IDs device information emails and dates. http://Naturapps.es http://Naturapps.es"
X Link 2026-02-02T18:40Z 156.4K followers, [----] engagements
"rxerium-templates: Nuclei scripts created by @rxerium for zero days / actively exploited vulnerabilities. GitHub: Vouch. I have posted a lot of his repos in the past. https://github.com/rxerium/rxerium-templates https://github.com/rxerium/rxerium-templates"
X Link 2026-02-02T19:56Z 157.9K followers, [----] engagements
"It's not often I see an .onion to a hacktivist group but here we are. π Onion: http://zwziyr6hbbqmtm7x5peu4dxyrm6wqvw7sdulvcgwcs2yvbx77cjesaad.onion"
X Link 2026-02-02T21:56Z 156.6K followers, [----] engagements
"Infrastructure Destruction Squad claims to have breached the servers of Lawrence Livermore National Laboratory a facility affiliated with the U.S. Department of Energy. The alleged breach reportedly includes over [--] TB of sensitive data encompassing engineering blueprints classified internal video recordings and documents related to nuclear physics fusion particle acceleration and pulsed sphere experiments. The group is offering full server access for $12000. https://twitter.com/i/web/status/2018483591710224809 https://twitter.com/i/web/status/2018483591710224809"
X Link 2026-02-03T00:36Z 156.4K followers, [----] engagements
"β A threat actor is selling a full database leak from HIMS University in Egypt containing [-----] records across multiple files. The exposed data includes student PII with plaintext passwords Fawry and Banque Misr payment transaction logs Mastercard/Banque Misr payment gateway API credentials and detailed staff bank account information. The asking price starts at $250 in Monero. https://twitter.com/i/web/status/2018712420252897719 https://twitter.com/i/web/status/2018712420252897719"
X Link 2026-02-03T15:45Z 157.3K followers, [----] engagements
"A threat actor has leaked a citizen database from the Dominican Republic containing [---] million SQL records and [---] million citizen photos. The exposed data includes cedula numbers names civil status dates of birth sex birthplace blood type and occupation"
X Link 2026-02-03T16:00Z 157.7K followers, [----] engagements
"OpenClaw on FOFA: FOFA: FOFA Query: app="OpenClaw" [-----] results https://en.fofa.info/resultqbase64=YXBwPSJPcGVuQ2xhdyI%3D OpenClaw also known by Moltbot and ClawdBot recently patched a 1-Click RCE via Authentication Token Exfiltration From gatewayUrl CVSS: [---] Advisory: https://t.co/bDatxBUqfx Writeup: https://t.co/ohB3Zhw0fp All versions up to v2026.1.24-1 are vulnerable. Video: Ethiack https://t.co/DlzusBK2NG https://en.fofa.info/resultqbase64=YXBwPSJPcGVuQ2xhdyI%3D OpenClaw also known by Moltbot and ClawdBot recently patched a 1-Click RCE via Authentication Token Exfiltration From"
X Link 2026-02-03T17:29Z 157.9K followers, [----] engagements
"β Gozo Channel the ferry operator connecting Malta's islands confirmed it was targeted in a cyberattack on Tuesday. The company said the incident impacted certain internal IT systems but was quickly contained thanks to existing infrastructure safeguards and contingency protocols. Ferry services were not disrupted. The company emphasized that all vessels continue to run on their normal schedule and that operations remain fully unaffected. Technical teams are currently working to restore the administrative systems that were impacted and the company plans to bring in specialist cybersecurity"
X Link 2026-02-03T17:56Z 156.4K followers, [----] engagements
"Reuters reports that French prosecutors raided Xs Paris offices on Tuesday as part of a criminal investigation originally opened in January [----] over alleged algorithm manipulation. The probe has since expanded to include charges of complicity in distributing child sexual abuse material generating sexually explicit deepfakes via the Grok AI chatbot and Holocaust denial which is a crime under French law. The raid was carried out by the Paris prosecutors cybercrime unit with support from Europol and French police. Voluntary interview summonses for April [--] have been issued to both Elon Musk and"
X Link 2026-02-03T18:09Z 156.5K followers, 13.9K engagements
"1/2 USA - Bank Firewall & Network Admin Panel access listed for sale ($300) USA - College Software Suite (SaaS) Firewall & Network Admin Panel access listed for sale ($200) π Asia - Largest Real Estate Developer Firewall & Network Admin Panel access listed for sale ($300) Ukraine - Accounting & Finance Company Firewall & Network Admin Panel access listed for sale ($200) https://twitter.com/i/web/status/2018766517668602273 https://twitter.com/i/web/status/2018766517668602273"
X Link 2026-02-03T19:20Z 156.4K followers, [----] engagements
".cz BreachForums is at war with .bf BreachForums and looks like .cz got the .bf clearnet domain suspended. It's currently down. The small screenshot is small because it requires an account to sign in to look at the large snap but I don't have an account yet. It does look legit"
X Link 2026-02-04T01:01Z 157.3K followers, 24K engagements
"Apparently someone is logged into Jeffrey Epstein's Outlook account via Reddit. https://www.reddit.com/r/Epstein/comments/1qv3ue6/im_in_epstiens_outlook_what_should_i_look_for/ https://www.reddit.com/r/Epstein/comments/1qv1uo2/did_i_find_something/ Someone just logged into Epsteins Outlook account. The password was in the Epstein files. https://t.co/zmntv2QlrY https://www.reddit.com/r/Epstein/comments/1qv3ue6/im_in_epstiens_outlook_what_should_i_look_for/ https://www.reddit.com/r/Epstein/comments/1qv1uo2/did_i_find_something/ Someone just logged into Epsteins Outlook account. The password was"
X Link 2026-02-04T01:10Z 157.8K followers, 28.3K engagements
"Opps they did it again. Stop using Coinbase. π¨ Coinbase confirms an insider breach after a contractor improperly accessed data for [--] customers. BleepingComputer learned the breach occurred in December. This comes after screenshots of internal Coinbase support tools were leaked. πLearn more: https://t.co/RSbIFkGLIb π¨ Coinbase confirms an insider breach after a contractor improperly accessed data for [--] customers. BleepingComputer learned the breach occurred in December. This comes after screenshots of internal Coinbase support tools were leaked. πLearn more: https://t.co/RSbIFkGLIb"
X Link 2026-02-04T02:37Z 156.4K followers, 12.4K engagements
"A threat actor has posted three separate listings: China Union Pay: [---] million rows of deduplicated cardholder data allegedly from China UnionPay including phone numbers names national IDs provinces carrier info and dates of birth. Crypto Currency Bundle: A [---] GB compilation of [----] million records spanning dozens of major crypto platforms including Coinbase Binance KuCoin Poloniex Bitfinex and Paxful containing combo credentials email leads and phone-linked customer data. Hong Kong Stock Investment: [------] unique rows allegedly from KGI Asia's platform containing emails phone numbers stock"
X Link 2026-02-04T18:01Z 156.8K followers, [----] engagements
"Your "dark web monitoring" service needs your SSN name and personal details just to watch for leaks. Think about that. Dark Web Informer doesn't need any of that. Sign up with an email choose your tier and start seeing threat actor activity as it happens. That's it. http://darkwebinformer.com http://darkwebinformer.com"
X Link 2026-02-04T18:01Z 156.7K followers, [----] engagements
"Two French educational institutions allegedly breached. Lyce Notre-Dame des Dunes and Lyce Saint-Charles. The data has been posted freely for download. The group also claims to hold [--] TB of unreleased databases from across the French sector totaling [---] million records and is threatening further leaks. https://twitter.com/i/web/status/2019122243687547327 https://twitter.com/i/web/status/2019122243687547327"
X Link 2026-02-04T18:53Z 156.5K followers, [----] engagements
"Threat feed will be down for the next [--] minutes for an update. Will update once back up"
X Link 2026-02-04T19:36Z 156.7K followers, [----] engagements
"OK it's back up. There was a memory leak that should be resolved now. If the feed showed that it failed to load randomly that was the issue. I am monitoring and will adjust if needed. Threat feed will be down for the next [--] minutes for an update. Will update once back up. Threat feed will be down for the next [--] minutes for an update. Will update once back up"
X Link 2026-02-04T19:52Z 156.7K followers, [----] engagements
"A large collection of email-only crypto databases is being offered for sale covering U.S. and mixed geographies from [--------]. The actor is providing a list of available databases and samples with purchases handled via Telegram on a per-database basis"
X Link 2026-02-04T19:57Z 156.8K followers, [----] engagements
"TLDFinder: A streamlined tool for discovering private TLDs for security research. GitHub: TLD based DNS lookups (Passive) TLD based DNS lookups (Active) STD IN/OUT and TXT/JSON output https://github.com/projectdiscovery/tldfinder https://github.com/projectdiscovery/tldfinder"
X Link 2026-02-04T20:08Z 157.9K followers, [----] engagements
"PLAY Ransomware claims [--] victims Woodfield CBH Homes ISTS"
X Link 2026-02-04T20:39Z 156.5K followers, [----] engagements
"A data set for GiftOnCard a Serbia-based gift card platform is being sold with the seller claiming to still have active access. The leak includes [------] web user records with passwords [------] card registration entries and [---] million gift card records containing detailed cardholder PII transaction data and loyalty program information. https://twitter.com/i/web/status/2019151522915930436 https://twitter.com/i/web/status/2019151522915930436"
X Link 2026-02-04T20:50Z 156.7K followers, [----] engagements
"CVE-2026-25049: N8n AI Workflow Remote Code Execution "This vulnerability allows an attacker to execute arbitrary system commands through misconfigured or insecure AI workflow execution paths. When chained correctly it can lead to full server compromise depending on deployment configuration." https://twitter.com/i/web/status/2019159982940516686 https://twitter.com/i/web/status/2019159982940516686"
X Link 2026-02-04T21:23Z 156.7K followers, [----] engagements
"Video Credit: http://youtube.com/@SecureLayer7 http://youtube.com/@SecureLayer7"
X Link 2026-02-04T21:23Z 156.6K followers, [----] engagements
"Just a reminder I am no longer posting on LinkedIn see below. I currently only post on the following socials: X Infosec Exchange Telegram Discord. I am no longer posting on LinkedIn. A short time ago I was logged out of my account and after logging back in it is requiring me to verify my identity by providing a government-issued ID. With that being said. I only now post on the following socials: X Infosec Exchange https://t.co/uib5AuBe35 I am no longer posting on LinkedIn. A short time ago I was logged out of my account and after logging back in it is requiring me to verify my identity by"
X Link 2026-02-04T21:47Z 156.6K followers, [----] engagements
"A known initial access broker is selling firewall and network admin panel access to three government entities: Thailand Government-Owned Visa Program: Root RCE + shell access on a Linux firewall priced at $300. Palestinian Government Agency (Foreign Aid Portal): Same level of access on a Linux firewall priced at $400. Indonesian Government Land Authority: Root RCE + shell + network admin panel on a Linux firewall priced at $300"
X Link 2026-02-04T21:59Z 156.7K followers, 10.7K engagements
"Ransomware Attack Update - February 4th [----] https://darkwebinformer.com/ransomware-attack-update-february-4th-2026/ https://darkwebinformer.com/ransomware-attack-update-february-4th-2026/"
X Link 2026-02-04T22:21Z 156.7K followers, [----] engagements
"Threat Attack Update - February 4th [----] https://darkwebinformer.com/threat-attack-update-february-4th-2026/ https://darkwebinformer.com/threat-attack-update-february-4th-2026/"
X Link 2026-02-04T22:26Z 156.7K followers, [----] engagements
"Daily Dose of Dark Web Informer - February 4th [----] https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-4th-2026/ https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-4th-2026/"
X Link 2026-02-04T22:38Z 156.7K followers, [----] engagements
"Seems the war is far from over"
X Link 2026-02-04T23:08Z 157.3K followers, [----] engagements
"RT @DarkWebInformer: [---] TB of data No shot"
X Link 2026-02-05T00:03Z 156.5K followers, [---] engagements
"Guardia Civil Dismantled a Bank Mule Network in La Rioja Under Operation Vicentius Spain's Guardia Civil has identified [--] suspects linked to fraud money laundering and unauthorized access to computer systems. The group allegedly operated fake cryptocurrency investment platforms and used remote access software to drain victims' bank accounts and take out loans in their names causing an estimated [------] in total losses. Stolen funds were funneled to accounts in Denmark Lithuania the United Kingdom and China. The investigation remains ongoing as authorities work to trace and recover the money."
X Link 2026-02-05T15:04Z 156.7K followers, [----] engagements
"WordPress admin and shell access to a UK-based online shop is being auctioned. The store processes payments via Stripe iframe with roughly [---] orders across the last three months and a 70% unique order rate. The auction starts at $700 with a blitz price of $1500"
X Link 2026-02-05T15:30Z 157.9K followers, [----] engagements
"β Order data from Family Cinema a French movie theater chain is allegedly being sold totaling [------] orders from [-----] unique customers spanning [----] to [----]. The exposed records include emails phone numbers full addresses dates of birth IP addresses payment details and detailed ticket purchase history including film titles and showtime information. A 1000-line sample has been posted freely. https://twitter.com/i/web/status/2019463428323045804 https://twitter.com/i/web/status/2019463428323045804"
X Link 2026-02-05T17:29Z 156.7K followers, [----] engagements
"Two French organizations have allegedly been breached by the same threat actor: Fdration Franaise de la Randonne Pdestre: Data from [------] members of France's national hiking federation is for sale containing [------] unique emails and [------] unique phone numbers from [--------] license holders. CCAS Dunkerque: Records of [-----] individuals receiving social assistance from the Community Center for Social Action in Dunkerque including [-----] unique phone numbers and [-----] unique emails. The data includes family groupings and welfare recipient details."
X Link 2026-02-05T18:32Z 156.7K followers, [----] engagements
"@fbi__open__up He will serve [--] years of supervised release when he serves his prison sentence. "In addition to the prison term LIN [--] of Taiwan was sentenced to five years of supervised release and $105045109.67 in forfeiture." https://www.justice.gov/usao-sdny/pr/incognito-market-owner-sentenced-30-years-operating-one-worlds-largest-online https://www.justice.gov/usao-sdny/pr/incognito-market-owner-sentenced-30-years-operating-one-worlds-largest-online"
X Link 2026-02-05T18:38Z 156.5K followers, [---] engagements
"CISA has added two vulnerabilities to the KEV Catalog CVE-2026-24423: SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability: SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution. CVE-2025-11953: React Native Community CLI OS Command Injection Vulnerability: React Native Community CLI contains an OS command injection"
X Link 2026-02-05T20:27Z 156.7K followers, [----] engagements
"βLeakBase has been down for about two days now. The last two times the site went offline it remained down for a week or two. Theres no information on any new domains or updates and no recent news regarding the site. It is however hosted by the notorious Njalla"
X Link 2026-02-05T23:48Z 157.6K followers, [----] engagements
"Network access to a U.S. retail and supply chain management company with $1.5M+ in revenue is being sold for $12000. The listing claims SonicWall VPN RDP and SSH access with certificates to 6+ dev servers domain user privileges and database access across 8+ large databases (MSSQL Redis MySQL). The network allegedly spans 140+ stores across [--] states with approximately [----] endpoints [--] domain controllers and 12TB of data"
X Link 2026-02-06T18:37Z 157.9K followers, [----] engagements
"Atlas Air has been claimed a victim to Everest Ransomware"
X Link 2026-02-06T22:57Z 157.9K followers, [----] engagements
"Approximately [--] minutes ago [----------] BTC ($181K) was transferred to Bitcoins genesis address effectively burning the funds β«π₯ https://blockstream.info/tx/a73335706adad5c400453fbc3c992f23cacf56b0ca964bc584f5f44ac7e0d412 https://intel.arkm.com/explorer/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa https://blockstream.info/tx/a73335706adad5c400453fbc3c992f23cacf56b0ca964bc584f5f44ac7e0d412 https://intel.arkm.com/explorer/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
X Link 2026-02-07T00:18Z 157.9K followers, 16.6K engagements
"Access to Peru's capital regional government portal is being sold for $200 with root RCE shell and network admin panel on a Linux firewall device"
X Link 2026-02-10T22:13Z 158.2K followers, [----] engagements
"3/3 Domain admin access to a Swiss manufacturing company with $15M in revenue is being auctioned. The listing specifies Sophos VPN with Sophos antivirus. Auction starts at $1500 with a blitz price of $3000"
X Link 2026-02-11T16:27Z 158.2K followers, [----] engagements
"A data set allegedly from Zain Kuwait a major telecommunications provider has been posted for sale containing [-------] subscriber records totaling 11.3GB in JSON format. The breach is dated [----] and includes subscriber numbers owner names and associate names. Sample data shows Arabic-language subscriber records with phone numbers verification status and spam flags. The seller offers tiered pricing in Monero: [--] XMR for takedown [--] XMR for exclusive purchase with deletion [--] XMR for non-exclusive access or [--] XMR for the scraping exploit itself."
X Link 2026-02-11T16:41Z 158.2K followers, [----] engagements
"β Brillen (operated by SuperVista AG) dataset allegedly leaked π Germany Type: Data Breach Threat actor: Meow Records: [-------] A forum post claims that Brillen a German eyewear retailer operated by SuperVista AG suffered a data breach in September [----] resulting in over [---] million rows of user data being compromised. The actor states the company fixed the vulnerability internally without making a public announcement. Data includes: First name last name email contact number DOB gender age street address postal code and city"
X Link 2026-02-12T15:31Z 158.2K followers, [----] engagements
"Threat Attack Update - February 12th [----] https://darkwebinformer.com/threat-attack-update-february-12th-2026/ https://darkwebinformer.com/threat-attack-update-february-12th-2026/"
X Link 2026-02-12T23:14Z 158.2K followers, [----] engagements
"Daily Dose of Dark Web Informer - February 12th [----] https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-12th-2026/ https://darkwebinformer.com/daily-dose-of-dark-web-informer-february-12th-2026/"
X Link 2026-02-12T23:57Z 158.2K followers, [----] engagements
"π¨Cl0p Ransomware Claims [--] Victims Al Jomaih Automotive Fruit of the Loom Frontrol Humana Oracle Abbott Laboratories Mazda MAS Holdings Canon Trane Technologies Grupo Bimbo Bechtel Este Lauder Companies Alshaya Group Fleetship Management Mazda USA Worley L&L Products University of Phoenix Treet Corporation Greater Cleveland RTA A10 Networks Envoy Broadcom Southern Illinois University Dooney & Bourke WellBiz Brands Michelin Sumitomo Chemical Greenball Corporation https://twitter.com/i/web/status/1991550211500421456 https://twitter.com/i/web/status/1991550211500421456"
X Link 2025-11-20T16:52Z 158.2K followers, 45.7K engagements
"π¨ Pickett USA Engineering data dump for sale - [-----] GB of engineering data from major U.S. electricity utilities. Clients affected: Tampa Electric Company (TECO) Duke Energy Florida (DEF) American Electric Power (AEP) Data exposed (139.1 GB - [---] files): 800+ classified raw LiDAR point cloud files (.las format [---] MB to 2+ GB each) Transmission line corridors and substations coverage High resolution orthophotos (.ecw format up to [---] MB per project) MicroStation design files (.dgn) and PTC settings Vegetation feature files (up to [--] GB) Fixed price: [---] Bitcoin (BTC) or Monero (XMR)"
X Link 2026-01-01T21:39Z 158.2K followers, [----] engagements
"π¨ SLSH (Scattered LAPSUS$ ShinyHunters) is actively targeting 100+ enterprises via live phishing panels Targets include: Technology & Software: Atlassian AppLovin Canva Epic Games Genesys HubSpot RingCentral ZoomInfo Iron Mountain Fintech & Payments: Adyen Jack Henry Shift4 Payments SoFi Biotech & Pharma: Alnylam Amgen Arvinas Biogen Gilead Sciences Moderna Neurocrine Biosciences Financial Services / Banking: Apollo Global Mgmt Blackstone Cohen & Steers Frost Bank goeasy Ltd. Guild Mortgage Morningstar RBC Securian Financial State Street TPG Capital Real Estate (REITs & Investment): Avison"
X Link 2026-01-29T03:06Z 158.2K followers, 14.8K engagements
"β Firewall and network admin panel access to a Chinese finance organization is being sold for $300. The listing claims root RCE plus shell access on a Linux-based firewall device. The seller a known initial access broker is accepting contact through Session"
X Link 2026-02-03T19:04Z 158.2K followers, [----] engagements
"β Data from "Choisir le service public" the French government's official public sector job portal is allegedly being sold. The listing claims to contain records of [------] job seekers with proof screenshots showing candidate profiles including personal details emails phone numbers and application history. https://twitter.com/i/web/status/2018790474115613160 https://twitter.com/i/web/status/2018790474115613160"
X Link 2026-02-03T20:55Z 158.2K followers, [----] engagements
"A set of [---] Canadian credit cards obtained via sniffing is being auctioned with a claimed 7595% validity rate. The data includes full card numbers CVVs expiration dates names addresses phone numbers emails and IPs. Card balances reportedly range from $300$600. The auction starts at $2000 with a blitz price of $6000. https://twitter.com/i/web/status/2019883611705733216 https://twitter.com/i/web/status/2019883611705733216"
X Link 2026-02-06T21:19Z 158.2K followers, [----] engagements
"β RDP access with user rights to an Australian machinery and equipment company with $12M+ in revenue is being sold for $800. The listing notes Trend Micro antivirus is in place"
X Link 2026-02-10T21:12Z 158.2K followers, [----] engagements
"CVE-2024-27564: OpenAI ChatGPT Server-Side Request Forgery PoC: Vulnerable Parameter : pictureproxy.phpurl=payload A vulnerability in pictureproxy.php allows remote attackers to perform arbitrary requests by injecting URLs into the url parameter. This SSRF vulnerability can be exploited without authentication. https://github.com/chsxthwik/CVE-2024-27564 https://github.com/chsxthwik/CVE-2024-27564"
X Link 2026-02-11T18:11Z 158.2K followers, [----] engagements
"β BD Anonymous targeted the website of Tel Aviv University"
X Link 2026-02-11T21:26Z 158.2K followers, [----] engagements
"0APT has claimed [--] victims. Newly named as of Jan [--] the group is already calling out some MAJOR organizations. Possible scam group HCA Healthcare (UK Private Division) Vestas Wind Systems Edwards Lifesciences Keysight Technologies Hologic Galderma Sysmex Corporation Align Technology Snap-on Incorporated Varian Medical Systems Bruker BioSpin Teledyne Technologies Terumo Corporation Xylem Inc. bioMrieux Ingersoll Rand Masimo Halma PerkinElmer Zebra Technologies Andritz Group Prince Court Medical Hexagon AB Al-Futtaim Conglomerate Sandvik Coromant Teleflex ResMed Epworth Private Healthcare"
X Link 2026-02-04T17:03Z 158.2K followers, [----] engagements
"139 TB of data No shot"
X Link 2026-02-04T20:27Z 158.2K followers, 179.9K engagements
"Webmail credentials for the Argentine Air Force (Fuerza Area Argentina) have been posted freely with screenshots showing access to internal email accounts at webcorreo.faa.mil.ar. The proof includes views of official correspondence personnel documents judicial records and internal communications referencing brigade operations union matters and personnel evaluations. https://twitter.com/i/web/status/2019802419891204119 https://twitter.com/i/web/status/2019802419891204119"
X Link 2026-02-06T15:56Z 158.2K followers, [----] engagements
"Vouch: A contributor trust management system based on explicit vouches to participate. GitHub: https://github.com/mitchellh/vouch https://github.com/mitchellh/vouch"
X Link 2026-02-08T00:41Z 158.2K followers, [----] engagements
"β A data set allegedly from Inter Rapidsimo described as Colombia's largest cargo and courier company has been posted with [------] customer records. The dump is dated February [----] and includes user IDs names passwords phone numbers emails addresses authentication data API tokens location IDs registration numbers and internal platform settings. http://interrapidisimo.com http://interrapidisimo.com"
X Link 2026-02-10T15:20Z 158.2K followers, 61.9K engagements
"Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Allegedly Exposes Thousands of Instances (CVE-2026-1731) https://darkwebinformer.com/critical-pre-auth-rce-vulnerability-in-beyondtrust-remote-support-pra-allegedly-exposes-thousands-of-instances-cve-2026-1731/ https://darkwebinformer.com/critical-pre-auth-rce-vulnerability-in-beyondtrust-remote-support-pra-allegedly-exposes-thousands-of-instances-cve-2026-1731/"
X Link 2026-02-10T17:08Z 158.2K followers, [----] engagements
"Cl0p Ransomware Claims [--] Victims ANS Tech Inc Hudson Executive IT Architects Proactive Medical Smith IP Services BE09 Broadreach Retail RBD Construction Che Hardy Gokall IT Hudson Sustainable OneSupport GiaSpace GiaCare Hyde Park UMC AIG Business The Perpetual Garner Group Spohn Associates CFDT Boyden https://twitter.com/i/web/status/2021290815964725684 https://twitter.com/i/web/status/2021290815964725684"
X Link 2026-02-10T18:30Z 158.2K followers, [----] engagements
"A U.S. military aerospace simulations and defense contractor is being sold for $400 with root RCE shell access and a hijacked admin panel session on a Linux firewall device"
X Link 2026-02-10T22:09Z 158.2K followers, [----] engagements
"1/3 Domain admin access to a Moroccan manufacturing company with $20M in revenue is being auctioned. The listing specifies Sophos VPN with Trend Micro antivirus. Auction starts at $1500 with a blitz price of $3500"
X Link 2026-02-11T16:27Z 158.2K followers, [----] engagements
"WordPress admin shell and database access to an international e-commerce store is being auctioned. The site has a $601.91 average order value with [---] orders in January (351 card [--] crypto) and [---] in February (109 card [--] crypto). A payment card redirect tap is in place with 100% unique orders. The auction starts at $1000 with a blitz price of $2500. https://twitter.com/i/web/status/2021637425286816189 https://twitter.com/i/web/status/2021637425286816189"
X Link 2026-02-11T17:28Z 158.2K followers, [----] engagements
"I simplified the UI for the GitHub advisories. The additional details. CWE references timestamps etc are now available in the detail modal. It's not complete but it's getting there. π₯ GitHub Advisories which is currently only available to Elite subscribers got some performance updates today. I'm thinking it will be available at the end of February but I haven't decided on what tier. Faster loading and filtering - Searching sorting and switching https://t.co/3qSEmilOIt π₯ GitHub Advisories which is currently only available to Elite subscribers got some performance updates today. I'm thinking"
X Link 2026-02-11T18:30Z 158.2K followers, [----] engagements
"I made some changes to the Keyword Notifications which only works for new blog posts. It is streamlined to use the same notification setup as the threat feeds but applies to blog posts to not interfere. Be sure to setup browser notifications for the threat feeds separately"
X Link 2026-02-11T19:54Z 158.2K followers, [----] engagements
"Chris Titus Tech's Windows Utility: It is meant to streamline installs debloat with tweaks troubleshoot with config and fix Windows updates GitHub: https://github.com/ChrisTitusTech/winutil https://github.com/ChrisTitusTech/winutil"
X Link 2026-02-11T20:29Z 158.2K followers, [----] engagements
"Odido Telecom Says Customer Data Compromised in Cyberattack The breach involves personal data from a customer contact system used by Odido. Approximately [---] million accounts are said to be affected. The intrusion was discovered several days ago. The following data was exposed according to Obido: Full name Address and city of residence Mobile number Customer number Email address IBAN (bank account number) Date of birth Identification details (passport or driver's license number and expiration date)"
X Link 2026-02-12T15:59Z 158.2K followers, [----] engagements
"The Hackers Who Trolled The FBI (twice) On March 15th [----] the FBI led a coordinated takedown of BreachForums the largest data-leak forum on the internet after years of silently tracking its members from Diogo Santos Coelho's RaidForums to Pompompurin's reign and Baphomet's brief attempt to keep it alive. The operation unraveled a network of cybercriminals including ShinyHunters a group behind some of the biggest corporate breaches in history who had spent years openly trolling the FBI. https://twitter.com/i/web/status/2021985395081195767 https://twitter.com/i/web/status/2021985395081195767"
X Link 2026-02-12T16:30Z 158.2K followers, [----] engagements
"Video Credit: http://youtube.com/@ByPandemonium http://youtube.com/@ByPandemonium"
X Link 2026-02-12T16:31Z 158.2K followers, [----] engagements
"π₯ Ransomware Decryptor Database: A free searchable database of 150+ ransomware decryption tools. Search by name file extension or vendor. Mostly sourced from the No More Ransom Project. https://darkwebinformer.com/ransomware-decryptor-database/ https://darkwebinformer.com/ransomware-decryptor-database/"
X Link 2026-02-12T17:34Z 158.2K followers, [----] engagements
"Source links go to the vendor's decryptor page not direct downloads. If you know of a link to a guide/decryptor source that isn't listed/missing. Let me know and I will verify and add it"
X Link 2026-02-12T17:34Z 158.2K followers, [----] engagements
"And so another chapter begins. A forum thread advertising Qilin RaaS activity alongside Cry0 has been spotted. The post openly recruits affiliates and outlines ransomware capabilities including selective encryption modes and shadow copy removal. https://t.co/RN1k1G0VfB A forum thread advertising Qilin RaaS activity alongside Cry0 has been spotted. The post openly recruits affiliates and outlines ransomware capabilities including selective encryption modes and shadow copy removal. https://t.co/RN1k1G0VfB"
X Link 2026-02-12T17:59Z 158.2K followers, [----] engagements
"CISA has added [--] vulnerabilities to the KEV Catalog CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user. CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS macOS tvOS watchOS and visionOS contain an improper restriction of operations"
X Link 2026-02-12T18:51Z 158.2K followers, 11.7K engagements
"Ransomware Attack Update - February 12th [----] https://darkwebinformer.com/ransomware-attack-update-february-12th-2026/ https://darkwebinformer.com/ransomware-attack-update-february-12th-2026/"
X Link 2026-02-12T22:33Z 158.2K followers, [----] engagements
"Email with the new design came broken will be fixed for tomorrow's email. View from the website instead"
X Link 2026-02-13T00:04Z 158.2K followers, [----] engagements
"π°ADT Inc has Filed ANOTHER Form 8-K due to a Cybersecurity Incident https://darkwebinformer.com/adt-inc-has-filed-another-form-8-k-due-to-a-cybersecurity-incident/ https://darkwebinformer.com/adt-inc-has-filed-another-form-8-k-due-to-a-cybersecurity-incident/"
X Link 2024-10-08T13:38Z 158.1K followers, [----] engagements
"hackGPT: I leverage OpenAI and ChatGPT to do hackerish things Link: GitHub: https://github.com/NoDataFound/hackGPT http://hackGPT.com https://github.com/NoDataFound/hackGPT http://hackGPT.com"
X Link 2025-05-25T22:08Z 158.1K followers, 175.8K engagements
"There appears to be a massive outage going on. Twitch Discord Google Cloud Google Google Meet Google Nest CharacterAI Etsy Khan Academy Google Drive Google Maps Pokemon TCG Dialpad Mailchimp HighLevel Amazon Web Services OpenAI Cloudflare Anthropic Breezeline Dragon Ball State Farm Embark Studios Gmail Rocket League DoorDash Wells Fargo Marvel MLB TV Google Gemini Fortnite Spotify Shopify Snapchat Tekken Box Equifax Roll20 Cursor Looker Studio FuboTV IKEA reCAPTCHA GitLab Steam Clover POS Systems AMC Theatres NPM"
X Link 2025-06-12T18:21Z 158.1K followers, 777K engagements
"π¨π¨Archetyp Darknet Market the world's largest Darknet Market has been seized by law enforcement"
X Link 2025-06-16T09:25Z 158.2K followers, 168.8K engagements
"π¨Alleged Data Breach of Hotel Regina Isabella 30K+ Guest Passport & ID Scans Industry: Hospitality / Luxury Resorts Threat Actor: mydocs Forum: DarkForums Network: Clearnet Dark Web Details: A threat actor is selling over [-----] high-resolution scans and photos of guest identity documents allegedly obtained from a private source linked to Hotel Regina Isabella a high-end resort located in Ischia Italy. The dataset includes a wide variety of global ID types and document formats. Leaked data includes: 30K+ guest identity document scans Document types: Passports (EU US Middle East) Italian ID"
X Link 2025-08-05T15:26Z 158.1K followers, [----] engagements
"π¨D4RK 4RMY Ransomware Claims [--] New Victims Mizuha Financial Group Tsai Capital Onex Canada Asset Management Inc Magellan Financial Group Bridgewater Associates"
X Link 2025-08-07T16:42Z 158K followers, [----] engagements
"InstagramPrivSniffer: Views Instagram private account's media without login GitHub: https://github.com/obitouka/InstagramPrivSniffer https://github.com/obitouka/InstagramPrivSniffer"
X Link 2025-09-25T17:32Z 158.1K followers, 174.4K engagements
"iptv: Collection of publicly available IPTV channels from all over the world GitHub: Channels: (38065channel(s)) https://iptv-org.github.io/ https://github.com/iptv-org/iptv https://iptv-org.github.io/ https://github.com/iptv-org/iptv"
X Link 2025-11-17T22:37Z 158.1K followers, 309.5K engagements
"π¨176 transfers have been made from the Silk Road crypto wallet in the last [--] hours https://intel.arkm.com/explorer/entity/silk-road https://intel.arkm.com/explorer/entity/silk-road"
X Link 2025-12-10T00:14Z 158.2K followers, 312.5K engagements
"π¨BreachForums is back again. Clearnet: breachforums.bf Dark Web: http://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion IP: 91.215.85.48 ASN: [------] Server: Apache/2.4.65 (Debian) IP: 45.134.26.22 ASN: [------] Server: Apache/2.4.65 (Debian)"
X Link 2025-12-14T16:10Z 158.1K followers, 95.1K engagements
"π¨ Alleged leak of CAF (Caisse dAllocations Familiales) Lines: [--------] Size: 15.3GB"
X Link 2025-12-18T00:31Z 158.2K followers, 76.1K engagements
"π¨ Alleged Sale of Major Web3 Rewards Platform Database Affecting 467K Users"
X Link 2025-12-23T22:26Z 158K followers, [----] engagements
"βThreat actor auctioning RDP access to an Italian manufacturing company π Italy Access Type: RDP Privileges: Domain User Hosts: [--] Threat Actor: Big-Bro Samples: No Auction Details: Start: $850 Step: $250 Flash/Blitz: $1500"
X Link 2026-01-09T00:25Z 157.9K followers, [----] engagements
"π§leaker: A leak discovery tool that returns valid credential leaks for emails using passive online sources. GitHub: Nice password examples π https://github.com/vflame6/leaker https://github.com/vflame6/leaker"
X Link 2026-01-12T19:29Z 158.2K followers, 119K engagements
"In October [----] a critical server-side flaw in Instagram made it possible for unauthenticated attackers to view private photos and captions without needing to log in or to follow the account. Instagram silently patched the vulnerability. Heres how the PoC worked"
X Link 2026-01-26T15:50Z 158.2K followers, 28.7K engagements
"CVE-2026-24061: Telnet RCE Exploit GitHub: This script exploits the CVE-2026-24061 vulnerability in Telnet servers using a malformed USER environment variable. CVSS: [---] Usage: python telnet_rce.py host -p port Arguments: host: Target IP address or hostname (required) -p --port: Target port (default: 23) Example: python telnet_rce.py 192.168.1.100 python telnet_rce.py -p [--] http://example.com https://github.com/SafeBreach-Labs/CVE-2026-24061 http://example.com https://github.com/SafeBreach-Labs/CVE-2026-24061"
X Link 2026-01-27T00:05Z 158.2K followers, 46.5K engagements
"A threat actor is selling a hidden crypto contract checker tool built in Go for $15000 ($12000 for the first buyer) which scans EVM addresses across multiple networks including Ethereum BSC Polygon Arbitrum and Avalanche to identify contracts with hidden balances not detected by platforms like DeBank with lifetime updates and planned XMR Monero and Solana support. https://twitter.com/i/web/status/2018362829015781760 https://twitter.com/i/web/status/2018362829015781760"
X Link 2026-02-02T16:36Z 158.1K followers, 31.8K engagements
"AutoPentestX - Linux Automated Pentesting & Vulnerability Reporting Tool GitHub: https://github.com/Gowtham-Darkseid/AutoPentestX https://github.com/Gowtham-Darkseid/AutoPentestX"
X Link 2026-02-02T18:16Z 158.2K followers, 38.2K engagements
"Confidential military data from SEKISUI Aerospace Corporation a Tier [--] supplier for Boeing 737/787 programs and U.S. military contracts is allegedly being sold for $200000. The [--] GB package reportedly contains ITAR/export-controlled engineering drawings STEP and CATIA files bills of materials with Boeing part numbers tooling and fixture data and 3D assembly models tied to programs for Boeing Commercial Boeing Defense NASA Lockheed Martin and Northrop Grumman. https://twitter.com/i/web/status/2018719471364403300 https://twitter.com/i/web/status/2018719471364403300"
X Link 2026-02-03T16:13Z 158.1K followers, [----] engagements
"CISA has added [--] vulnerabilities to the KEV Catalog CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability https://darkwebinformer.com/cisa-kev-catalog/ https://darkwebinformer.com/cisa-kev-catalog/"
X Link 2026-02-03T19:39Z 158K followers, [----] engagements
"CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability https://x.com/DarkWebInformer/status/2016936977430695962 SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551 CVE-2025-40552 CVE-2025-40553 CVE-2025-40554 CVSS: All [---] CVEs Published: January 28th [----] CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data https://t.co/sLpMXScxsC https://x.com/DarkWebInformer/status/2016936977430695962 SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551 CVE-2025-40552"
X Link 2026-02-03T19:40Z 157.9K followers, [----] engagements
"500 "validated" Fortinet VPN credentials collected from stealer logs are being auctioned with duplicates removed and validity confirmed via Tmchecker across multiple countries. The auction starts at $1500 with a flash price of $3000"
X Link 2026-02-04T16:01Z 158K followers, [----] engagements
"The IOC darkforums.io domain has been suspended. The new IOC domain is darkforums.me"
X Link 2026-02-04T22:01Z 158.2K followers, 23.6K engagements
".cz BreachForums was briefly defaced by what looks like a XSS vuln in XenForo. XenForo is a popular forum platform that I have seen used by a lot of actors most of which I have identified in my Threat-Surface repo on GitHub. Credit to antisocial for sending the video"
X Link 2026-02-04T23:08Z 158.2K followers, 15.8K engagements
"Incognito Market Owner "Pharaoh" Sentenced to [--] Years for Running $105M Dark Web Drug Empire Rui-Siang Lin a 24-year-old Taiwanese national who operated under the pseudonym "Pharaoh" was sentenced to [--] years in federal prison on February [--] [----] for running Incognito Market one of the largest dark web narcotics marketplaces ever created. The platform which operated from October [----] until its closure in March [----] facilitated over [------] drug transactions totaling more than $105 million in sales. Its inventory included over [----] kilograms each of cocaine and methamphetamine along with"
X Link 2026-02-05T16:30Z 158K followers, 22.3K engagements
"Dutch authorities just seized one Windscribe VPN server without a warrant claiming they'll return it after they "fully analyze it." They say their real concern "is the unredacted Epstein files we had on there.""
X Link 2026-02-06T00:20Z 158.2K followers, 15.8K engagements
"A dataset of [-----] cryptocurrency leads is being sold for $5000 with only one copy available. The data allegedly collected from advertising campaigns includes [-----] unique phone numbers and [-----] unique emails spanning multiple countries including Australia UK Canada France and over [--] others. Records contain names contact details registration dates and country information. https://twitter.com/i/web/status/2019798289630081182 https://twitter.com/i/web/status/2019798289630081182"
X Link 2026-02-06T15:40Z 158.1K followers, [----] engagements
"An initial access broker is selling full control access to two separate targets for $300 each. A European private file host and the second is a private AI business communications infrastructure platform. Both listings claim Linux OS firewall device access and root RCE with shell and network admin panel permissions. https://twitter.com/i/web/status/2020557187672686914 https://twitter.com/i/web/status/2020557187672686914"
X Link 2026-02-08T17:55Z 158.1K followers, 10K engagements
"β A data set allegedly from casio.ru the Russian arm of Casio has been posted with over [--] million records. The data includes full names cities addresses phone numbers and country fields. Sample records show Russian citizens from cities including Tyumen Magnitogorsk Nizhny Tagil Ekaterinburg Chelyabinsk and Surgut. https://twitter.com/i/web/status/2021263319345045744 https://twitter.com/i/web/status/2021263319345045744"
X Link 2026-02-10T16:41Z 158.1K followers, [----] engagements
"XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Enables Identity Tampering and Unauthorized Access (CVE-2026-23687) https://darkwebinformer.com/xml-signature-wrapping-vulnerability-in-sap-netweaver-abap-allegedly-enables-identity-tampering-and-unauthorized-access-cve-2026-23687/ https://darkwebinformer.com/xml-signature-wrapping-vulnerability-in-sap-netweaver-abap-allegedly-enables-identity-tampering-and-unauthorized-access-cve-2026-23687/"
X Link 2026-02-10T17:52Z 158.1K followers, [----] engagements
"CISA has added [--] vulnerabilities to the KEV Catalog CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. CVE-2026-21510: Microsoft Windows Shell Protection Mechanism"
X Link 2026-02-10T18:52Z 158.2K followers, [----] engagements
"New Forum: TierOne a/k/a T1erOne jprrin6bqe3flvtpyxkt4zsmzc3u6vvn7ahgtcbul224w3xn4h3gawid.onion t1eron3.vip Credit: @club31337"
X Link 2026-02-12T17:45Z 158.2K followers, [----] engagements
"π₯ Working on a new open source script that will be uploaded to GitHub sometime this month. It scans a base domain (example darkforums) across 224+ TLDs to find every registered variant. For each hit it pulls DNS records WHOIS registration data (registrar creation date registrant) TLS certificates and HTTP details including the page title. It flags newly registered domains suspicious TLDs parked pages and privacy-protected WHOIS. It outputs clickable terminal links auto-saves results to JSON with scan-over-scan diffing to catch new registrations. Python code with no APIs no dependencies no"
X Link 2026-02-06T17:24Z 158.2K followers, [----] engagements
"β Effective Feb 12th the @DarkWebIntelBot will be parked and will no longer provide intel. X released a pay-per-use API shortly after I made the below post and deprecated the free tier altogether. It's no longer worth maintaining. The @DarkWebIntelBot that uses the X API is going to go back to the free tier when this billing cycle is over. It is not worth the $200 a month and could be better used towards infrastructure. All the current alerts on that account will still flow but will likely be rate The @DarkWebIntelBot that uses the X API is going to go back to the free tier when this billing"
X Link 2026-02-08T20:22Z 158.2K followers, 15K engagements
"β A threat actor is auctioning domain admin access to a U.S. construction management company with an estimated revenue of $20 million. The listing specifies Fortinet VPN access with SentinelOne antivirus in place. The auction starts at $2000 with a $500 step and a blitz price of $4000. https://twitter.com/i/web/status/2020895111630979114 https://twitter.com/i/web/status/2020895111630979114"
X Link 2026-02-09T16:18Z 158.2K followers, [----] engagements
"CVE-2025-1974: Kubernetes IngressNightmare Vulnerability CVSS: [---] PoC: PoC Published: March 26th [----] https://github.com/hakaioffsec/IngressNightmare-PoC https://github.com/hakaioffsec/IngressNightmare-PoC"
X Link 2026-02-10T00:49Z 158.2K followers, 15.5K engagements
"Domain user access to a Saudi Arabian airports and air services transportation company with $650K+ in revenue is being auctioned. The listing claims RDWEB access [--] domain controllers [----] domain computers a publicly traded company (stock symbol noted) and Micro Trend antivirus. Auction starts at $3500 with a blitz price of $4500. https://twitter.com/i/web/status/2021265154281804055 https://twitter.com/i/web/status/2021265154281804055"
X Link 2026-02-10T16:49Z 158.2K followers, [----] engagements
"Access to the Colombian Government Emergency Response Agency is being sold for $300 with root RCE shell and network admin panel on a Linux firewall device"
X Link 2026-02-10T22:12Z 158.2K followers, 61K engagements
"Root RCE and full admin panel access to a Chinese agentic AI edge-as-a-service (EaaS) corporation is being sold for $200. The target runs Linux with firewall device access"
X Link 2026-02-10T22:13Z 158.2K followers, 10.6K engagements
"2/3 Domain user access to an Australian retail company with $20M in revenue is being auctioned. The listing specifies Sophos VPN access. Auction starts at $1500 with a blitz price of $3000"
X Link 2026-02-11T16:27Z 158.2K followers, [----] engagements
"Video Credit: Video Date: September 14th [----] http://youtube.com/@Quantum-Hacker http://youtube.com/@Quantum-Hacker"
X Link 2026-02-11T18:11Z 158.2K followers, [----] engagements
"PLAY Ransomware has added four new victims to its leak site: Northbridge A commercial real estate investment and development firm. Makivik The legal representative corporation for Inuit beneficiaries of the James Bay and Northern Quebec Agreement. Catalanatto & Barnes A certified public accounting and advisory firm. Altak A construction and industrial services company. http://altakinc.com http://bscatcpa.com http://makivik.org http://northbridgecre.com http://altakinc.com http://bscatcpa.com http://makivik.org http://northbridgecre.com"
X Link 2026-02-11T20:20Z 158.2K followers, [----] engagements
"YouTube appears to be down at least for some of us. π"
X Link 2026-02-11T20:41Z 158.2K followers, 12.4K engagements
"π¨ A threat actor is allegedly selling access and data from a Spain-based business association on a hacking forum. The listing allegedly includes: Foothold/access to internal office network Email credentials (6000+ contacts in address book) Employee email credentials Email marketing account (3000+ contacts) Cloud storage access Social media accounts Extracted member PII (name DNI/ID NIF address email phone business name IBAN etc.) The threat actor is asking for $1000. https://twitter.com/i/web/status/2021694529783382429 https://twitter.com/i/web/status/2021694529783382429"
X Link 2026-02-11T21:15Z 158.2K followers, [----] engagements
"$1000 Bug Bounty 2FA bypass due to CSRF misconfiguration POC on demo website Writeup: https://medium.com/@sharp488/2fa-bypass-on-private-bug-bounty-program-due-to-csrf-token-misconfiguration-5a9c82151a1"
X Link 2026-02-11T23:37Z 158.2K followers, 12.8K engagements
"German motorcycle site allegedly breached including live MySQL access and full banking data offered for sale. Germany Type: Data Breach / Initial Access Threat actor: OpenBullet Records: 75394+ SEPA records [-----] bank transactions [----] PayPal orders Samples: Yes The dataset includes SEPA direct debits bank transactions dating back to [----] user bank accounts PayPal order records and payment method details. Email and hashed password data is also allegedly included. Data includes: Full customer IBANs BICs account holder names sender names bank account numbers (Kontonummer/BLZ) transaction"
X Link 2026-02-12T15:47Z 158.2K followers, [----] engagements
"CISA added one more vulnerability to the KEV Catalog today. CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. CISA has added [--] vulnerabilities to the KEV Catalog CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater contains a download of code without integrity check vulnerability that could allow an attacker to"
X Link 2026-02-12T20:40Z 158.2K followers, [----] engagements
"A threat actor is selling an alleged critical severity OpenSea 0-day exploit chain for $100000 USD (BTC/XMR). The threat actor claims the exploit affects OpenSea's Seaport order validation logic on Ethereum Main Net, Polygon and Blast, enabling forced transfer of high-value NFTs at [--] ETH, bypassing listing approvals and working on both active and inactive listings. The seller claims the vulnerability is unpatched and undisclosed. https://twitter.com/i/web/status/2022081741196869905"
X Link 2026-02-12T22:53Z 158.2K followers, 64.7K engagements
"I am no longer posting on Infosec Exchange or Telegram. Infosec Exchange was never really for me and Telegram has become difficult to manage with six channels. It's more manageable to focus on just two platforms (X and Discord) instead of having to follow up on [--]. It also makes things easier not having to copy and paste content across multiple socials. I will still be hiding on Telegram, just not posting. I also do not have a username there. Other than that, everything else remains the same when it comes to seeing posts on social media. http://darkwebinformer.com/socials"
X Link 2026-02-13T00:48Z 158.2K followers, [----] engagements
"ShinyHunters claims Figure Technology Solutions Inc. as a victim"
X Link 2026-02-13T01:30Z 158.2K followers, [----] engagements