βΌοΈπ¨π΄ A threat actor from the Nyxar group is allegedly selling 750K records of Colombian citizens from INCODOL (Instituto Colombiano del Dolor), a Colombian pain management healthcare institution.
Exposed data allegedly includes IdentificaciΓ³n, Nombre completo, Tipo usuario, Plan cubrimiento, Fecha nacimiento, Sexo, Estado civil, DirecciΓ³n residencia, Tel. residencia, OcupaciΓ³n, Empresa, DirecciΓ³n trabajo, TelΓ©fono trabajo, Acudiente, and Tel. acudiente.
20K sample provided. Price: $200.
Exposed data allegedly includes IdentificaciΓ³n, Nombre completo, Tipo usuario, Plan cubrimiento, Fecha nacimiento, Sexo, Estado civil, DirecciΓ³n residencia, Tel. residencia, OcupaciΓ³n, Empresa, DirecciΓ³n trabajo, TelΓ©fono trabajo, Acudiente, and Tel. acudiente.
20K sample provided. Price: $200.
βΌοΈπ¨π A threat actor is allegedly selling a database breach from Sunrise, Switzerland's second-largest telecommunications provider, offering comprehensive fixed network access and mobile network coverage across the country.
The breach allegedly contains 6M+ customer details including Usernames, PII (payment information), Passwords, Phones, Address, Payment details (not CC included), Plans, Subscriptions, and all data information.
Price: $10,000.
The breach allegedly contains 6M+ customer details including Usernames, PII (payment information), Passwords, Phones, Address, Payment details (not CC included), Plans, Subscriptions, and all data information.
Price: $10,000.
βΌοΈπ²π½ A threat actor claims to have found the hotel management system of Hotel Lucerna Tijuana, a 5-star hotel in Mexico, fully exposed with no authentication required.
The exposure is still active as of March 2026 and allegedly contains:
β«οΈLive guest names (78 current occupants)
β«οΈRoom numbers (real-time)
β«οΈMaid status (Occupied/Dirty, Vacant/Clean)
β«οΈ2+ years of wake-up call logs
β«οΈGuest names + dates of stay
β«οΈCall attempt details (answered, busy, no answer)
Stats: 78 live guests as of March 9, 2026, 500+ historical records spanning December 2024 - March 2026.
The exposure is still active as of March 2026 and allegedly contains:
β«οΈLive guest names (78 current occupants)
β«οΈRoom numbers (real-time)
β«οΈMaid status (Occupied/Dirty, Vacant/Clean)
β«οΈ2+ years of wake-up call logs
β«οΈGuest names + dates of stay
β«οΈCall attempt details (answered, busy, no answer)
Stats: 78 live guests as of March 9, 2026, 500+ historical records spanning December 2024 - March 2026.
β οΈ FBI Watchdog - DNS New Domain (A) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: DNS New Domain (A)
Time Detected: 2026-03-09 18:20:38 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: DNS New Domain (A)
Time Detected: 2026-03-09 18:20:38 UTC
Previous Records:
None
New Records:
185.208.156.66
β οΈ FBI Watchdog - DNS New Domain (MX) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: DNS New Domain (MX)
Time Detected: 2026-03-09 18:20:40 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: DNS New Domain (MX)
Time Detected: 2026-03-09 18:20:40 UTC
Previous Records:
None
New Records:
0 darkforums.st.
β οΈ FBI Watchdog - DNS New Domain (NS) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: DNS New Domain (NS)
Time Detected: 2026-03-09 18:20:41 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: DNS New Domain (NS)
Time Detected: 2026-03-09 18:20:41 UTC
Previous Records:
None
New Records:
ns1.safe-networks.net.
ns2.safe-networks.net.
β οΈ FBI Watchdog - DNS New Domain (SOA) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: DNS New Domain (SOA)
Time Detected: 2026-03-09 18:20:42 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: DNS New Domain (SOA)
Time Detected: 2026-03-09 18:20:42 UTC
Previous Records:
None
New Records:
ns1.safe-networks.net. root.cp-01.safe-networks.net. 2026030905 3600 1800 1209600 86400
β οΈ FBI Watchdog - DNS New Domain (TXT) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: DNS New Domain (TXT)
Time Detected: 2026-03-09 18:20:44 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: DNS New Domain (TXT)
Time Detected: 2026-03-09 18:20:44 UTC
Previous Records:
None
New Records:
"v=spf1 +a +mx +ip4:185.208.156.66 ~all"
β οΈ FBI Watchdog - DNS New Domain (A) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.ru
Record Type: DNS New Domain (A)
Time Detected: 2026-03-09 18:45:52 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.ru
Record Type: DNS New Domain (A)
Time Detected: 2026-03-09 18:45:52 UTC
Previous Records:
None
New Records:
104.21.96.68
172.67.173.254
β€1
β οΈ FBI Watchdog - DNS New Domain (NS) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.ru
Record Type: DNS New Domain (NS)
Time Detected: 2026-03-09 18:45:56 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.ru
Record Type: DNS New Domain (NS)
Time Detected: 2026-03-09 18:45:56 UTC
Previous Records:
None
New Records:
johnathan.ns.cloudflare.com.
wren.ns.cloudflare.com.
β οΈ FBI Watchdog - WHOIS Change β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: WHOIS Change
Time Detected: 2026-03-09 18:46:47 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: WHOIS Change
Time Detected: 2026-03-09 18:46:47 UTC
Previous Records:
name_servers: ['ns1 safe-networks net', 'ns2 safe-networks net']
New Records:
name_servers: ['ns1 safe-networks net', 'ns2 safe-networks net'] β ['johnathan ns cloudflare com', 'wren ns cloudflare com']
βΌοΈ A threat actor is allegedly selling the database of MagicSlides.app, an AI-powered presentation generation platform, containing 2,385,847 unique emails.
The full database is reportedly over 50GB with the users table at 9GB. The data allegedly includes every single document and presentation created on the platform.
Sample provided. Price: $500.
The full database is reportedly over 50GB with the users table at 9GB. The data allegedly includes every single document and presentation created on the platform.
Sample provided. Price: $500.
β οΈ FBI Watchdog - DNS Change (SOA) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.su
Record Type: DNS Change (SOA)
Time Detected: 2026-03-09 19:19:20 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.su
Record Type: DNS Change (SOA)
Time Detected: 2026-03-09 19:19:20 UTC
Previous Records:
johnathan.ns.cloudflare.com. dns.cloudflare.com. 2398075957 10000 2400 604800 1800
New Records:
johnathan.ns.cloudflare.com. dns.cloudflare.com. 2398568049 10000 2400 604800 1800
β οΈ FBI Watchdog - DNS New Domain (TXT) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.su
Record Type: DNS New Domain (TXT)
Time Detected: 2026-03-09 19:19:21 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.su
Record Type: DNS New Domain (TXT)
Time Detected: 2026-03-09 19:19:21 UTC
Previous Records:
None
New Records:
"google-site-verification=3iarVV2oDOICgAGp2jEwXSHitAbvb31g75Q61S3911w"
β οΈ FBI Watchdog - DNS New Domain (AAAA) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: DNS New Domain (AAAA)
Time Detected: 2026-03-09 19:27:14 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: darkforums.st
Record Type: DNS New Domain (AAAA)
Time Detected: 2026-03-09 19:27:14 UTC
Previous Records:
None
New Records:
2606:4700:3031::6815:5553
2606:4700:3033::ac43:cbdc
βΌοΈ DOJ Press Release
βββββββββββββββββββββ
Two ISIS Supporters Charged with Attempting to Detonate Explosive Devices During Protests Outside Gracie Mansion
Full Press Release β justice.gov
βββββββββββββββββββββ
π΅οΈ Dark Web Informer β’ DOJ Monitor
βββββββββββββββββββββ
Two ISIS Supporters Charged with Attempting to Detonate Explosive Devices During Protests Outside Gracie Mansion
Full Press Release β justice.gov
βββββββββββββββββββββ
π΅οΈ Dark Web Informer β’ DOJ Monitor
www.justice.gov
Two ISIS Supporters Charged with Attempting to Detonate Explosive
Today, the Department of Justice announced charges against Emir Balat and Ibrahim Kayumi alleging that they attempted to detonate two explosive devices in the vicinity of Gracie Mansion, and that they were acting in support of ISIS, a designated foreign terroristβ¦
π1
The GitHub Advisories that is currently in the Early Access Program for Elite subscribers got the following update today.
https://darkwebinformer.com/github-advisories-feed/
βͺοΈURL hash filter state: All filter selections (severity, search query, date range, CVSS range, CWE, ecosystem, review status) persist to the URL hash so you can share filtered views and they survive page reloads.
βͺοΈReviewed/Unreviewed toggle: A three-button filter (All / Reviewed / Unreviewed) in the advanced filter bar lets you filter advisories by their GitHub review status, with the reviewed field detected from multiple API field variants and defaulting to true for your feed. Unreviewed advisories will show none for right now.
βͺοΈEPSS 30-day trend sparkline: The advisory detail modal fetches historical EPSS time-series data from FIRST.org and renders an inline SVG sparkline showing the 30-day exploitation probability trend, color-coded red for trending up and green for trending down.
βͺοΈCVSS 10.0 distinction: Perfect 10.0 scores get their own visual treatment with a pulsing red glow animation, visually distinct from 9.0β9.9 criticals.
βͺοΈMobile refs count badge: A small refs count indicator appears on the vendor/ecosystem cell on mobile screens where the full References column is hidden, so mobile users know there's more data available in the detail view.
βͺοΈTheme persistence: Light/dark theme preference saves to localStorage and restores automatically on page load.
βͺοΈSparkline redraw cache: The 7-day activity sparkline checks a data fingerprint before redrawing and skips the canvas render if nothing changed, avoiding unnecessary repaints when toggling stats.
https://darkwebinformer.com/github-advisories-feed/
βͺοΈURL hash filter state: All filter selections (severity, search query, date range, CVSS range, CWE, ecosystem, review status) persist to the URL hash so you can share filtered views and they survive page reloads.
βͺοΈReviewed/Unreviewed toggle: A three-button filter (All / Reviewed / Unreviewed) in the advanced filter bar lets you filter advisories by their GitHub review status, with the reviewed field detected from multiple API field variants and defaulting to true for your feed. Unreviewed advisories will show none for right now.
βͺοΈEPSS 30-day trend sparkline: The advisory detail modal fetches historical EPSS time-series data from FIRST.org and renders an inline SVG sparkline showing the 30-day exploitation probability trend, color-coded red for trending up and green for trending down.
βͺοΈCVSS 10.0 distinction: Perfect 10.0 scores get their own visual treatment with a pulsing red glow animation, visually distinct from 9.0β9.9 criticals.
βͺοΈMobile refs count badge: A small refs count indicator appears on the vendor/ecosystem cell on mobile screens where the full References column is hidden, so mobile users know there's more data available in the detail view.
βͺοΈTheme persistence: Light/dark theme preference saves to localStorage and restores automatically on page load.
βͺοΈSparkline redraw cache: The 7-day activity sparkline checks a data fingerprint before redrawing and skips the canvas render if nothing changed, avoiding unnecessary repaints when toggling stats.
Dark Web Informer
GitHub Advisories Feed
β€1
πͺ Slice For Life πͺ
The GitHub Advisories that is currently in the Early Access Program for Elite subscribers got the following update today. https://darkwebinformer.com/github-advisories-feed/ βͺοΈURL hash filter state: All filter selections (severity, search query, date rangeβ¦
A note on the EPSS sparkline... the data from FIRST.org needs to be a couple days old for the sparkline to show. So if you are looking at 1-2 days, try going beyond that.