π₯ The Combo List category on the threat feed will start to receive 30β70 more alerts per day going forward, possibly even more.
Working on some more things...
Working on some more things...
π2
βΌοΈβ οΈ A threat actor is allegedly selling a WordPress core Remote Code Execution (RCE) 0-day exploit affecting versions 6.8.1 through 6.9.3.
The Python-based exploit reportedly works with default settings and installations, requiring no authentication or user interaction. Proofs are available through the forum's guarantor service.
Price: $125,000.
The Python-based exploit reportedly works with default settings and installations, requiring no authentication or user interaction. Proofs are available through the forum's guarantor service.
Price: $125,000.
πͺ Slice For Life πͺ
βΌοΈ All DF domains are down including mirrors/onion, giving a 522 error.
.@CCITIC_ORG (X) has claimed to have taken down DarkForums.
https://x.com/CCITIC_ORG/status/2034717012983795897
https://x.com/CCITIC_ORG/status/2034717012983795897
βΌοΈ Handala Hack just released a statement in response to having its domains seized earlier today by the FBI.
π₯2
Cyberattack News Alert
βββββββββββββββββββββββββ
Victim: Foster City
Domain:
Country: πΊπΈ US
Date: Mar 19th, 2026
Summary:
Foster City's public services were suspended following a cyber ransomware attack discovered on Thursday morning. Although the emergency services remain operational, the city investigates the extent of the breach and declares the state of emergency to obtain external support. Municipal employees work with external experts to restore systems and secure potentially compromised public information.
Source: https://www.mercurynews.com/2026/03/19/foster-city-services-impacted-by-cyber-security-breach/
βββββββββββββββββββββββββ
Victim: Foster City
Domain:
fostercity.orgCountry: πΊπΈ US
Date: Mar 19th, 2026
Summary:
Foster City's public services were suspended following a cyber ransomware attack discovered on Thursday morning. Although the emergency services remain operational, the city investigates the extent of the breach and declares the state of emergency to obtain external support. Municipal employees work with external experts to restore systems and secure potentially compromised public information.
Source: https://www.mercurynews.com/2026/03/19/foster-city-services-impacted-by-cyber-security-breach/
The Mercury News
Foster City services impacted by cyber security breach
Ransomware was discovered on city networks Thursday morning.
β οΈ FBI Watchdog - DNS Change (NS) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: rondastore.org
Record Type: DNS Change (NS)
Time Detected: 2026-03-20 12:03:32 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: rondastore.org
Record Type: DNS Change (NS)
Time Detected: 2026-03-20 12:03:32 UTC
Previous Records:
dora.ns.cloudflare.com.
sam.ns.cloudflare.com.
New Records:
ns100.webnic.cc.
ns101.webnic.cc.
Cyberattack News Alert
βββββββββββββββββββββββββ
Victim: Los Angeles County Metropolitan Transportation Authority
Domain:
Country: πΊπΈ US
Date: Mar 20th, 2026
Summary:
The Los Angeles Metro restricted access to its internal computer systems after detecting unauthorized activity, disrupting certain passenger information and options for reloading TAP cards. Although trains and buses continued to operate normally, the agency warned users to reload their cards via physical terminals pending resolution of the problem. No organization claimed responsibility for this incident, although ransomware.live listed the city of Los Angeles as a target of the "Worldleaks" group on March 20, 2026.
Source: https://dysruptionhub.com/la-metro-unauthorized-activity-california/
βββββββββββββββββββββββββ
Victim: Los Angeles County Metropolitan Transportation Authority
Domain:
metro.netCountry: πΊπΈ US
Date: Mar 20th, 2026
Summary:
The Los Angeles Metro restricted access to its internal computer systems after detecting unauthorized activity, disrupting certain passenger information and options for reloading TAP cards. Although trains and buses continued to operate normally, the agency warned users to reload their cards via physical terminals pending resolution of the problem. No organization claimed responsibility for this incident, although ransomware.live listed the city of Los Angeles as a target of the "Worldleaks" group on March 20, 2026.
Source: https://dysruptionhub.com/la-metro-unauthorized-activity-california/
DysruptionHub
Los Angeles Metro limits internal system access after unauthorized activity
Los Angeles Metro restricted internal systems after unauthorized activity, disrupting arrival displays and some TAP reloads; service continued.
Cyberattack News Alert
βββββββββββββββββββββββββ
Victim: Mutuelle Familiale
Domain:
Country: π«π· FR
Date: Mar 17th, 2026
Summary:
The Family Mutual was the victim of a cybersecurity incident on 17 March, resulting in a temporary unavailability of its services. Investigations are underway to determine the origin of the attack. The mutual recommends that its members be vigilant in the face of any suspicious solicitation.
Source: https://www.argusdelassurance.com/assurance-de-personnes/cyber-attaque-une-mutuelle-victime-dune-intrusion-plus-113-000-assures-potentiellement-concernes.VNWUABFCXBFHRMZZXKFNZW7R3Q.html
βββββββββββββββββββββββββ
Victim: Mutuelle Familiale
Domain:
mutuelle-familiale.frCountry: π«π· FR
Date: Mar 17th, 2026
Summary:
The Family Mutual was the victim of a cybersecurity incident on 17 March, resulting in a temporary unavailability of its services. Investigations are underway to determine the origin of the attack. The mutual recommends that its members be vigilant in the face of any suspicious solicitation.
Source: https://www.argusdelassurance.com/assurance-de-personnes/cyber-attaque-une-mutuelle-victime-dune-intrusion-plus-113-000-assures-potentiellement-concernes.VNWUABFCXBFHRMZZXKFNZW7R3Q.html
L'Argus de l'assurance
Cyber attaque : une mutuelle victime dβune intrusion, plus de 113 000 assurΓ©s potentiellement concernΓ©s
Les services de la mutuelle sont suspendus. Des investigations sont en cours pour dΓ©terminer lβΓ©tendue des dΓ©gΓ’ts.
βΌοΈπ A threat actor has allegedly leaked data from Indymedia.org, an independent media platform, claiming to have exploited an RCE SQL injection vulnerability on the site's Drupal 7 installation using the Metasploit framework.
The threat actor credits upperemel123 for discovering the vulnerability and shared the extracted data for free.
Note: DarkForums came back up very early this morning after their original host was taken down.
The threat actor credits upperemel123 for discovering the vulnerability and shared the extracted data for free.
Note: DarkForums came back up very early this morning after their original host was taken down.
β€2
Cyberattack News Alert
βββββββββββββββββββββββββ
Victim: Westport Fuel Systems
Domain:
Country: π¨π¦ CA
Date: Mar 17th, 2026
Summary:
Westport Fuel Systems reported unauthorized access to parts of its network, affecting internal computer applications and commercial information, on 17 March 2026. Although production systems remained intact and commercial transactions were not disrupted, the company delayed the filing of its annual financial statements beyond the regulatory deadline of March 31, 2026 to conduct additional audits. This cyberattack led to a neutral rating of the action by TipRanks AI, highlighting weak financial performance despite operational resilience.
Source: https://www.tipranks.com/news/company-announcements/westport-fuel-systems-discloses-cyberattack-and-warns-of-delay-to-2025-annual-results
βββββββββββββββββββββββββ
Victim: Westport Fuel Systems
Domain:
wfsinc.comCountry: π¨π¦ CA
Date: Mar 17th, 2026
Summary:
Westport Fuel Systems reported unauthorized access to parts of its network, affecting internal computer applications and commercial information, on 17 March 2026. Although production systems remained intact and commercial transactions were not disrupted, the company delayed the filing of its annual financial statements beyond the regulatory deadline of March 31, 2026 to conduct additional audits. This cyberattack led to a neutral rating of the action by TipRanks AI, highlighting weak financial performance despite operational resilience.
Source: https://www.tipranks.com/news/company-announcements/westport-fuel-systems-discloses-cyberattack-and-warns-of-delay-to-2025-annual-results
TipRanks
Westport Fuel Systems Discloses Cyberattack and Warns of Delay to 2025 Annual Results
Westport Fuel Systems ( ($TSE:WPRT) ) has shared an announcement. Westport Fuel Systems reported that on March 17, 2026 it detected unauthorized access to parts of ...
βΌοΈπΊπΈ World Leaks has allegedly claimed the City of Los Angeles (LA).
The listing shows 159.9 GB of confidential data across 779 files, with 3 screenshots provided as proof.
The City of Los Angeles has a reported revenue of $10.2 billion.
The listing shows 159.9 GB of confidential data across 779 files, with 3 screenshots provided as proof.
The City of Los Angeles has a reported revenue of $10.2 billion.
β οΈ FBI Watchdog - WHOIS Change β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.ac
Record Type: WHOIS Change
Time Detected: 2026-03-20 15:35:55 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.ac
Record Type: WHOIS Change
Time Detected: 2026-03-20 15:35:55 UTC
Previous Records:
name_servers: ['1-you njalla no', '2-can njalla in', '3-get njalla fo']
New Records:
name_servers: ['1-you njalla no', '2-can njalla in', '3-get njalla fo'] β ['amber ns cloudflare com', 'chris ns cloudflare com']
βΌοΈπ«π· A threat actor is allegedly selling personal data of 109,302 people from the ConfΓ©dΓ©ration Musicale de France (CMF), a national organization that brings together amateur music ensembles such as wind bands, orchestras, and choirs across France.
The data reportedly includes 86,809 unique addresses, 81,404 unique phone numbers, and 80,518 unique emails. A 1K sample and proof links were provided.
The data reportedly includes 86,809 unique addresses, 81,404 unique phone numbers, and 80,518 unique emails. A 1K sample and proof links were provided.
β οΈ FBI Watchdog - WHOIS Change β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.ac
Record Type: WHOIS Change
Time Detected: 2026-03-20 15:57:53 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.ac
Record Type: WHOIS Change
Time Detected: 2026-03-20 15:57:53 UTC
Previous Records:
name_servers: ['amber ns cloudflare com', 'chris ns cloudflare com']
New Records:
name_servers: ['amber ns cloudflare com', 'chris ns cloudflare com'] β ['1-you njalla no', '2-can njalla in', '3-get njalla fo']
β οΈ FBI Watchdog - DNS New Domain (AAAA) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.ac
Record Type: DNS New Domain (AAAA)
Time Detected: 2026-03-20 16:16:10 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.ac
Record Type: DNS New Domain (AAAA)
Time Detected: 2026-03-20 16:16:10 UTC
Previous Records:
None
New Records:
2606:4700:3030::6815:6cb
2606:4700:3037::ac43:8740
β οΈ FBI Watchdog - IP Change (new ips added) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.ac
Record Type: IP Change (new ips added)
Time Detected: 2026-03-20 16:18:53 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.ac
Record Type: IP Change (new ips added)
Time Detected: 2026-03-20 16:18:53 UTC
Previous Records:
A: 88.214.24.107
AAAA:
New Records:
AAAA: None β 2606:4700:3030::6815:6cb, 2606:4700:3037::ac43:8740
Classification: 2 new IP(s) added
β οΈ FBI Watchdog - WHOIS Change β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.ac
Record Type: WHOIS Change
Time Detected: 2026-03-20 16:43:27 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.ac
Record Type: WHOIS Change
Time Detected: 2026-03-20 16:43:27 UTC
Previous Records:
name_servers: ['1-you njalla no', '2-can njalla in', '3-get njalla fo']
New Records:
name_servers: ['1-you njalla no', '2-can njalla in', '3-get njalla fo'] β ['amber ns cloudflare com', 'chris ns cloudflare com']