⚠️ FBI Watchdog - DNS New Domain (A) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence
Domain: handala-team.to
Record Type: DNS New Domain (A)
Time Detected: 2026-03-27 14:35:30 UTC
Previous Records:
None
New Records:
185.178.208.137
🔪 Slice For Life 🔪
https://x.com/DarkWebInformer/status/2037533650653233249
‼️Reuters has confirmed FBI Director Kash Patel's email was indeed hacked.
https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/
‼️🇨🇴 A massive breach of the Superintendencia Nacional de Salud de Colombia (Supersalud), Colombia's national health oversight authority, is being leaked on a popular cybercrime forum. This is labeled as "Package 1" with more threatened to follow.
▪️ Total Records: 50 million lines
▪️ Total Size: 2TB (full database)
The exposed data is extremely sensitive, covering patient records, healthcare claims, and internal systems including: PQR numbers and internal record IDs, patient full names, document type/number, DOB, age, gender, phone, email, full address, special population status, education level, affiliated health entity (EPS) and regime type, associated clinic/provider (IPS) with branch location and NIT, diagnosed pathology category and ICD-10 codes, life-risk priority status, high cost disease (Alto Costo) indicators, full claim descriptions with urgency and assigned doctor, PQR internal follow-up logs with agent comments and resolution statuses, claim deadlines, medication details (drugs, quantities, authorization status), and petitioner details.
The leak also includes internal system data such as staff names, emails, password hashes, roles, IDs, cedula numbers, LDAP Active Directory status, and SuperSalud internal department routing and entity notification statuses.
‼️🇺🇸 The group ShadowByt3$ claims to have breached the University of Georgia, stealing approximately 3.2 MB of employee data in raw text files. No customer data was reportedly affected.
▪️ Physical Locations: Home addresses (e.g., Columbus, GA) and specific office numbers
▪️ Private Contact Info: Personal cell and home phone numbers
▪️ Employee Info: Full names, contact details, institutional ID photos
▪️ Project Documentation: Internal university project tracking logs and admin data
▪️ Workforce Data: Position numbers, departmental assignments, work schedules
▪️ Technical Details: System maintenance and development notes
▪️ Critical Infrastructure: Active project maps for GEMA (Emergency Management), Georgia Broadband, and GDOT (Transportation) through 2026
▪️ Government Records: Asset forfeiture logs and county-level GIS (Athens-Clarke, Bibb) underpinning 911 dispatch and land taxes
▪️ Leadership Secrets: UGA Office of the President Mail Tracker and Gov360 anonymous executive coaching logs
▪️ SME Map: Identified "Subject Matter Experts" with detailed work hour tracking on specific code projects
▪️ Security Clearances: Differentiation between "Benefited" full-time employees (high-value targets) and "Student Assistants" (low-value entry points)
‼️🇲🇽 The Mexico dataset of C&A Modas, the international fashion retailer, has allegedly been leaked and made available for download on a popular cybercrime forum.
▪️ Records: 286,094 lines
The sample data shows Mexican customer records with full names, dates of birth, unique customer IDs, phone numbers, and personal email addresses.
‼️🇲🇽 A database allegedly belonging to the Instituto Tecnológico Superior de Irapuato, a Mexican higher education institution, has been leaked on a popular cybercrime forum.
Exposed fields reportedly include: full name (nombre completo), paternal surname (apellido paterno), maternal surname (apellido materno), phone number, personal Gmail, date of birth, address (domicilio), age, CURP (Mexican national ID number), career/major, disability status, income received (dinero que recibe), and more.
‼️ The Dutch National Police have issued a press release stating they were the target of a successful phishing attack, discovered it quickly, and immediately closed access.
https://www.politie.nl/nieuws/2026/maart/25/00-politie-doelwit-van-phishing.html
Politie
Police targeted by phishing
The police have been the target of phishing. The police's Security Operations Center detected this very quickly and immediately closed off the access. The impact is still being investigated but appears limited. Data of citizens and investigative information are…
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Omax Autos Limited
Domain: omaxauto.com
Country: 🇮🇳 IN
Date: Mar 27th, 2026
Claimed by: Lockbit5 ransomware gang
Summary:
Omax Autos Limited confirmed on March 27, 2026 that it suffered a ransomware attack on its IT infrastructure, following the detection of suspicious anomalies the day before. Although the company reported the incident to the Bombay and Delhi stock exchanges, it specified that its core operations and production chains currently remain intact. Investors reacted with volatility to the news, fluctuating between confidence in the security of critical systems and concerns related to a potential leak of sensitive data.
Source: https://tradebrains.in/omax-autos-reports-ransomware-attack-it-systems-under-investigation-after-cyber-breach/
Trade Brains
Omax Autos Reports Ransomware Attack — IT Systems Under Investigation After Cyber Breach
Omax Autos Limited (OMAXAUTO) confirmed a ransomware attack on its IT infrastructure on March 27, 2026. While the company is assessing the impact, it stated that core operations and systems currently remain unaffected.
‼️🇲🇽 A database allegedly containing 318,000 user records from Bienestar.org, a healthcare organization serving the Latino Gay Community with HIV/AIDS treatment, sexual health, mental health, substance abuse counseling, and medication-assisted treatment since 1989, is being sold on a popular cybercrime forum.
▪️ Records: 318,000 users
▪️ Data Fields: First name, last name, mobile phone number, email, date of birth
▪️ Price: $300
Given the nature of the organization, this breach is particularly sensitive as it could potentially expose individuals' sexual orientation and healthcare status. The listing includes both the dataset and access to the platform.
‼️🇦🇪 Source code from multiple UAE websites has allegedly been leaked on a popular cybercrime forum, including exposed repositories and projects.
▪️ Country: UAE
▪️ Leak Type: Source code + exposed repositories/projects
▪️ Includes: PHP code samples and GitHub Personal Access Token (PAT)
The post lists multiple affected platforms and includes a PHP code sample as proof.
‼️A high-ranking forum moderator is publicly seeking to buy any data or access from active or defunct BreachForums clones, claiming the goal is to "put an end to these clones."
▪️ Seeking: Data, server access, database backups, exploits, staff/admin accounts
▪️ Targeted Domains: .sb, .ac, .fi, .bf, .us, etc.
▪️ Offer: "Exceptional amount" for staff or admin access
The post is directed at anyone who is staff, has server access, holds a database backup, or possesses an exploit related to any BreachForums clone operation.
🔪 Slice For Life 🔪
This internal script I've been using to find different domains that were just registered. I'm getting closer to releasing it on GitHub... it's fairly simple and brings back results very quick. It is a Python script that scans a base domain across 800+ TLDs…
I don't have much more to add to this tool, to be honest. I'm just running some tests and need to create a Readme on GitHub. The only addition since this past update is that it will provide an HTML file from the rolling updates you've done for that particular keyword.
Will release this next week on GitHub.