βΌοΈπΊπΈ Tampa Smoke Shop Owner Arrested in Dark Web Narcotics Case
Ryan Perez, a Spring Hill resident who owned two "Hippie Crib" smoke shops in Tampa, was arrested after a year-long investigation into allegations that he used cryptocurrency to purchase narcotics through the dark web and sold them in the Tampa Bay area.
The case gained momentum after a man in Pasco County died of an overdose on December 26, 2025. The victim's wife identified the person who supplied her husband with MDMA (ecstasy) and told deputies he had complained about feeling extremely hot the night before his death. Investigators traced the drug supply chain through a series of suppliers, ultimately leading back to Perez as the source.
According to Hernando County Sheriff Al Nienhuis, the MDMA linked to the overdose death was roughly two and a half times stronger than what is typically found on the street.
When authorities executed a search warrant at Perez's home, they reported finding:
βͺοΈ2 pounds of MDMA
βͺοΈ10 counterfeit Adderall pills
βͺοΈ14 Β½ grams of LSD
βͺοΈ2 pounds of psilocybin mushrooms
βͺοΈ1 pound of marijuana plants
βͺοΈ20 pounds of other types of marijuana
Perez was charged with trafficking MDMA, trafficking LSD, possession of mushrooms with intent to sell, and additional drug-related offenses.
His wife, Adina Perez, was also arrested on MDMA trafficking charges. A third person at the home was arrested for felony marijuana possession.
The DEA also obtained warrants for the two Hippie Crib shops, where agents reportedly seized firearms and cryptocurrency machines (???).
A DEA agent stated that Perez had been importing chemicals from China, India, and European countries, packaging them, and distributing products whose contents, including synthetic opioids and cannabinoids, were unknown to buyers.
Ryan Perez, a Spring Hill resident who owned two "Hippie Crib" smoke shops in Tampa, was arrested after a year-long investigation into allegations that he used cryptocurrency to purchase narcotics through the dark web and sold them in the Tampa Bay area.
The case gained momentum after a man in Pasco County died of an overdose on December 26, 2025. The victim's wife identified the person who supplied her husband with MDMA (ecstasy) and told deputies he had complained about feeling extremely hot the night before his death. Investigators traced the drug supply chain through a series of suppliers, ultimately leading back to Perez as the source.
According to Hernando County Sheriff Al Nienhuis, the MDMA linked to the overdose death was roughly two and a half times stronger than what is typically found on the street.
When authorities executed a search warrant at Perez's home, they reported finding:
βͺοΈ2 pounds of MDMA
βͺοΈ10 counterfeit Adderall pills
βͺοΈ14 Β½ grams of LSD
βͺοΈ2 pounds of psilocybin mushrooms
βͺοΈ1 pound of marijuana plants
βͺοΈ20 pounds of other types of marijuana
Perez was charged with trafficking MDMA, trafficking LSD, possession of mushrooms with intent to sell, and additional drug-related offenses.
His wife, Adina Perez, was also arrested on MDMA trafficking charges. A third person at the home was arrested for felony marijuana possession.
The DEA also obtained warrants for the two Hippie Crib shops, where agents reportedly seized firearms and cryptocurrency machines (???).
A DEA agent stated that Perez had been importing chemicals from China, India, and European countries, packaging them, and distributing products whose contents, including synthetic opioids and cannabinoids, were unknown to buyers.
πͺ Slice For Life πͺ
βΌοΈπΊπΈ World Leaks has allegedly claimed the City of Los Angeles (LA). The listing shows 159.9 GB of confidential data across 779 files, with 3 screenshots provided as proof. The City of Los Angeles has a reported revenue of $10.2 billion.
"The Los Angeles Metro Transit System has also been breached and is now in shutdown mode
2 Bay Area cities in California are also currently in a states of emergency after separate ransomware attacks
1 hospital breached"
https://x.com/AlvieriD/status/2035066089869111802
2 Bay Area cities in California are also currently in a states of emergency after separate ransomware attacks
1 hospital breached"
https://x.com/AlvieriD/status/2035066089869111802
X (formerly Twitter)
Dominic Alvieri (@AlvieriD) on X
The City of Los Angeles was breached
The Los Angeles Metro Transit System has also been breached and is now in shutdown mode
2 Bay Area cities in California are also currently in a states of emergency after separate ransomware attacks
1 hospital breached
The Los Angeles Metro Transit System has also been breached and is now in shutdown mode
2 Bay Area cities in California are also currently in a states of emergency after separate ransomware attacks
1 hospital breached
βΌοΈ The FBI and CISA have issued a joint PSA warning that hackers linked to Russian intelligence are targeting high-value individuals such as government officials, military personnel and journalists through phishing attacks on commercial messaging apps like Signal.
The campaign has compromised thousands of accounts not through app vulnerabilities but by exploiting the users themselves.
https://www.ic3.gov/PSA/2026/PSA260320
The campaign has compromised thousands of accounts not through app vulnerabilities but by exploiting the users themselves.
https://www.ic3.gov/PSA/2026/PSA260320
βΌοΈπΈπͺ A threat actor has allegedly leaked the database of MiljΓΆdata, a Swedish system supplier that was reportedly the victim of a ransomware attack in August 2025.
The leak contains 1.5 million records across 119 files in CSV, TXT, and XLSX formats, including 870K unique email addresses.
The compromised data reportedly includes names/usernames, physical addresses, phone numbers, dates of birth, and national identity numbers.
The leak contains 1.5 million records across 119 files in CSV, TXT, and XLSX formats, including 870K unique email addresses.
The compromised data reportedly includes names/usernames, physical addresses, phone numbers, dates of birth, and national identity numbers.
βΌοΈThe FBI just released a FLASH warning on the government of Iran cyber actors deploying Telegram C2 to push Malware to identified targets.
https://www.ic3.gov/CSA/2026/260320.pdf
https://www.ic3.gov/CSA/2026/260320.pdf
β€2π₯2
βΌοΈ A cyberattack affecting Intoxalock is causing drivers to be unable to start their cars. The breathalyzer devices, known as ignition interlock systems, require drivers to blow into them to check their breath alcohol level before starting their cars, and if their blood alcohol is 0.02 or higher, the vehicle won't turn on.
However, since the cyberattack began on March 14, the company's servers have been knocked offline, meaning even sober drivers can't start their vehicles if their device is due for calibration.
The outage is affecting drivers across 46 states, with roughly 150,000 people using the system nationwide. Intoxalock says hackers have been flooding its servers, and the company has offered towing reimbursement to stranded drivers, though there's no clear timeline for when things will be fixed.
https://learn.intoxalock.com/status?fbclid=IwY2xjawQpAHBleHRuA2FlbQIxMABicmlkETFnaHFLcD[%E2%80%A6]G8md2U5BNgJkQNtoxnCEpw-luAQyUe0_aem_hcZebw9-fUhAqw150PSysA
However, since the cyberattack began on March 14, the company's servers have been knocked offline, meaning even sober drivers can't start their vehicles if their device is due for calibration.
The outage is affecting drivers across 46 states, with roughly 150,000 people using the system nationwide. Intoxalock says hackers have been flooding its servers, and the company has offered towing reimbursement to stranded drivers, though there's no clear timeline for when things will be fixed.
https://learn.intoxalock.com/status?fbclid=IwY2xjawQpAHBleHRuA2FlbQIxMABicmlkETFnaHFLcD[%E2%80%A6]G8md2U5BNgJkQNtoxnCEpw-luAQyUe0_aem_hcZebw9-fUhAqw150PSysA
π2
β οΈ FBI Watchdog - DNS Change (NS) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.ac
Record Type: DNS Change (NS)
Time Detected: 2026-03-20 22:49:33 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.ac
Record Type: DNS Change (NS)
Time Detected: 2026-03-20 22:49:33 UTC
Previous Records:
1-you.njalla.no.
2-can.njalla.in.
3-get.njalla.fo.
New Records:
amber.ns.cloudflare.com.
chris.ns.cloudflare.com.
I removed the pro/elite threat feed. Please use the current threat feed going forward and the ransomware feed for everything ransomware.
I also added a World heatmap to the threat feed. You will need to refresh to see it.
https://darkwebinformer.com/threat-feed/
I also added a World heatmap to the threat feed. You will need to refresh to see it.
https://darkwebinformer.com/threat-feed/
β οΈ FBI Watchdog - WHOIS Change β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.pw
Record Type: WHOIS Change
Time Detected: 2026-03-21 05:51:40 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breachforums.pw
Record Type: WHOIS Change
Time Detected: 2026-03-21 05:51:40 UTC
Previous Records:
status: ['clientdeleteprohibited', 'clienthold', 'clienttransferproh
New Records:
status: ['clientdeleteprohibited', 'clienthold', 'clienttransferprohibited', 'servert... β ['clientdeleteprohibited', 'clienthold', 'clienttransferprohibited']
β οΈ FBI Watchdog - WHOIS Change β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: rondastore.org
Record Type: WHOIS Change
Time Detected: 2026-03-21 07:10:12 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: rondastore.org
Record Type: WHOIS Change
Time Detected: 2026-03-21 07:10:12 UTC
Previous Records:
name_servers: ['ns100 webnic cc', 'ns101 webnic cc']
New Records:
name_servers: ['ns100 webnic cc', 'ns101 webnic cc'] β ['dora ns cloudflare com', 'sam ns cloudflare com']
β οΈ FBI Watchdog - IP Change (hosting migration) β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: rondastore.org
Record Type: IP Change (hosting migration)
Time Detected: 2026-03-21 07:31:50 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: rondastore.org
Record Type: IP Change (hosting migration)
Time Detected: 2026-03-21 07:31:50 UTC
Previous Records:
A: 216.120.147.200
AAAA:
New Records:
A: 216.120.147.200 β 5.188.86.67
Classification: Complete IP replacement - likely hosting migration
βΌοΈπ A threat actor is allegedly selling 450,000 reservations extracted from Preferred Hotels & Resorts' Central Reservation System (CRS) across approximately 620 luxury hotels worldwide.
The data reportedly includes hotel names, guest names, confirmation numbers, start dates, email addresses, phone numbers, full addresses, and credit card details (cardholder name, card number, expiration date), along with average price per night.
Affected properties include luxury brands such as Al Habtoor Palace Dubai, Ajwa Cappadocia, Alchymist Grand Hotel & Spa, and many more.
The threat actor claims the vulnerability has been patched but accuses the company of withholding disclosure of the breach.
Price: β¬1,000.
The data reportedly includes hotel names, guest names, confirmation numbers, start dates, email addresses, phone numbers, full addresses, and credit card details (cardholder name, card number, expiration date), along with average price per night.
Affected properties include luxury brands such as Al Habtoor Palace Dubai, Ajwa Cappadocia, Alchymist Grand Hotel & Spa, and many more.
The threat actor claims the vulnerability has been patched but accuses the company of withholding disclosure of the breach.
Price: β¬1,000.
β€1
βΌοΈπ¨π΄ A threat actor is allegedly selling 120,000 records from the RegistradurΓa Nacional del Estado Civil, Colombia's national civil registry and electoral organization.
The data is in JSON format and reportedly includes full names, dates of birth, sex, blood type, ethnicity, document numbers, parent information, addresses, phone numbers, emails, municipality of residence, and criminal background details.
Price: $150.
The data is in JSON format and reportedly includes full names, dates of birth, sex, blood type, ethnicity, document numbers, parent information, addresses, phone numbers, emails, municipality of residence, and criminal background details.
Price: $150.