⚠️ FBI Watchdog - IP Change (hosting migration) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: rondastore.org
Record Type: IP Change (hosting migration)
Time Detected: 2026-03-19 16:54:19 UTC

Previous Records:

A: 5.188.86.67
AAAA: 

New Records:

A: 5.188.86.67 → 216.120.147.200
Classification: Complete IP replacement - likely hosting migration

‼️ All DF domains are down including mirrors/onion, giving a 522 error.

‼️ New Dark Web Informer Blog Post!

Title: World Monitor: A Free, Open-Source Global Intelligence Dashboard with 25 Data Layers and AI-Powered Threat Classification

Link: https://darkwebinformer.com/world-monitor-a-free-open-source-global-intelligence-dashboard-with-25-data-layers-and-ai-powered-threat-classification/

breachforums[.]ac was updated with a message below their current one. 🤷‍♀️

88[.]214[.]24[.]107 🤷‍♀️

‼️ DOJ Press Release
━━━━━━━━━━━━━━━━━━━━━

Justice Department Disrupts Iranian Cyber Enabled Psychological Operations

Full Press Release → justice.gov

━━━━━━━━━━━━━━━━━━━━━
🕵️ Dark Web Informer • DOJ Monitor

⚠️ FBI Watchdog - DNS New Domain (NS) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: breachforums.ai
Record Type: DNS New Domain (NS)
Time Detected: 2026-03-19 22:30:57 UTC

Previous Records:

None

New Records:

lauryn.ns.cloudflare.com.
thaddeus.ns.cloudflare.com.

‼️ Another BreachForums domain registration... forum is currently being tested.

breachforums[.]ai

‼️ Threat actor Tanaka has moved on from BreachForums and is now a trial mod on Spear.

💥 The Combo List category on the threat feed will start to receive 30–70 more alerts per day going forward, possibly even more.

Working on some more things...

‼️⚠️ A threat actor is allegedly selling a WordPress core Remote Code Execution (RCE) 0-day exploit affecting versions 6.8.1 through 6.9.3.

The Python-based exploit reportedly works with default settings and installations, requiring no authentication or user interaction. Proofs are available through the forum's guarantor service.

Price: $125,000.

.@CCITIC_ORG (X) has claimed to have taken down DarkForums.

https://x.com/CCITIC_ORG/status/2034717012983795897

Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━

Victim: Foster City
Domain: fostercity.org

Country: 🇺🇸 US
Date: Mar 19th, 2026

Summary:
Foster City's public services were suspended following a cyber ransomware attack discovered on Thursday morning. Although the emergency services remain operational, the city investigates the extent of the breach and declares the state of emergency to obtain external support. Municipal employees work with external experts to restore systems and secure potentially compromised public information.

Source: https://www.mercurynews.com/2026/03/19/foster-city-services-impacted-by-cyber-security-breach/

⚠️ FBI Watchdog - DNS Change (NS) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: rondastore.org
Record Type: DNS Change (NS)
Time Detected: 2026-03-20 12:03:32 UTC

Previous Records:

dora.ns.cloudflare.com.
sam.ns.cloudflare.com.

New Records:

ns100.webnic.cc.
ns101.webnic.cc.

Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━

Victim: Los Angeles County Metropolitan Transportation Authority
Domain: metro.net

Country: 🇺🇸 US
Date: Mar 20th, 2026

Summary:
The Los Angeles Metro restricted access to its internal computer systems after detecting unauthorized activity, disrupting certain passenger information and options for reloading TAP cards. Although trains and buses continued to operate normally, the agency warned users to reload their cards via physical terminals pending resolution of the problem. No organization claimed responsibility for this incident, although ransomware.live listed the city of Los Angeles as a target of the "Worldleaks" group on March 20, 2026.

Source: https://dysruptionhub.com/la-metro-unauthorized-activity-california/

Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━

Victim: Mutuelle Familiale
Domain: mutuelle-familiale.fr

Country: 🇫🇷 FR
Date: Mar 17th, 2026

Summary:
The Family Mutual was the victim of a cybersecurity incident on 17 March, resulting in a temporary unavailability of its services. Investigations are underway to determine the origin of the attack. The mutual recommends that its members be vigilant in the face of any suspicious solicitation.

Source: https://www.argusdelassurance.com/assurance-de-personnes/cyber-attaque-une-mutuelle-victime-dune-intrusion-plus-113-000-assures-potentiellement-concernes.VNWUABFCXBFHRMZZXKFNZW7R3Q.html

‼️🌍 A threat actor has allegedly leaked data from Indymedia.org, an independent media platform, claiming to have exploited an RCE SQL injection vulnerability on the site's Drupal 7 installation using the Metasploit framework.

The threat actor credits upperemel123 for discovering the vulnerability and shared the extracted data for free.

Note: DarkForums came back up very early this morning after their original host was taken down.

‼️ Handala is back on a new clearnet domain:

handala-team[.]to

Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━

Victim: Westport Fuel Systems
Domain: wfsinc.com

Country: 🇨🇦 CA
Date: Mar 17th, 2026

Summary:
Westport Fuel Systems reported unauthorized access to parts of its network, affecting internal computer applications and commercial information, on 17 March 2026. Although production systems remained intact and commercial transactions were not disrupted, the company delayed the filing of its annual financial statements beyond the regulatory deadline of March 31, 2026 to conduct additional audits. This cyberattack led to a neutral rating of the action by TipRanks AI, highlighting weak financial performance despite operational resilience.

Source: https://www.tipranks.com/news/company-announcements/westport-fuel-systems-discloses-cyberattack-and-warns-of-delay-to-2025-annual-results