Havoc: A modern and malleable post-exploitation command and control framework

GitHub: https://github.com/HavocFramework/Havoc

‼️🇹🇳 A threat actor announces the hacking of GlobalNet, a Tunisian internet and telecommunications provider, claiming to have extracted the company's databases and gained access to internal systems, subdomains, and employee branches.

Screenshots show phpMyAdmin database access, internal contract management panels, client records with contract details and expiration dates, and ownCloud file storage containing multiple data folders.

The threat actor warns of continued attacks against Tunisian entities.

‼️ A threat actor is selling "SupaGuard," an automated vulnerability scanner panel designed to scan for exposed Supabase instances, .env files, crypto private keys, crypto seeds, and custom directories.

The dashboard shows 313 findings across 125 affected domains, with 83,912 total scan jobs. Features include full admin access, Telegram notifications, a leaderboard, domain scraper, custom scan rules, and a database viewer.

Price: $5,000 (includes full source code, future updates, and setup assistance).

‼️🇧🇷 A threat actor is allegedly selling full access to a Brazilian Police investigation panel and law enforcement webmail from São Paulo's Civil Police (Polícia Civil do Estado de São Paulo).

The access reportedly comes bundled with an internal VPN, a functional policiacivil.sp.gov.br webmail, bypass, and a full investigation panel with lookups for Receita Federal tax records, national vehicle queries (DETRAN/RENAVAM), PIX transaction data, criminal records, court cases, driver licenses, and integrated criminal/intel databases (SINESP, INFOSEG).

The threat actor notes the institutional email is also used for law enforcement communications.

‼️🇮🇹 A threat actor is allegedly selling full network access to a cargo bike retailer based in Milan, Italy.

The access includes SSH and cPanel with full control privileges, containing mail and database access. The threat actor also claims to have n8n admin and Brevo API keys.

Screenshots show the cPanel dashboard, file system directory structure with WordPress installations and mail folders, and database records showing shop orders in EUR.

Price: $2,000.