‼️🇦🇪 Source code from multiple UAE websites has allegedly been leaked on a popular cybercrime forum, including exposed repositories and projects.

▪️ Country: UAE
▪️ Leak Type: Source code + exposed repositories/projects
▪️ Includes: PHP code samples and GitHub Personal Access Token (PAT)

The post lists multiple affected platforms and includes a PHP code sample as proof.

I don't have much more to add to this tool to be honest. I'm just running some tests and need to create a Readme on GitHub. The only addition since this past update is it will provide a HTML file from the rolling updates you've done for that particular keyword.

Will release this next week on GitHub.

‼️Access to over 30 Claro Cloud user websites is allegedly being offered on a popular cybercrime forum, with claims that the telecom giant's cloud platform has severe security flaws allowing malicious code uploads and website infections.

▪️ Target: Claro Cloud (sitios web / website hosting platform)
▪️ Sites Affected: 30+
▪️ Access Level: Full website management panel (build, pages, clipboard, design, options, settings, databases)
▪️ Exposed Data: Advisor names, mobile numbers, emails, zone information
▪️ Backend Access: FTP Administrator, Windows Services, email, metrics, website creators, files, and databases

Screenshots demonstrate full access to the Claro Cloud admin panel, including the ability to edit HTML, manage web apps, view client advisor contact data, and access database management tools.

One screenshot shows a defacement with "HACKED BY WORRYSEC" injected into a live site as proof of exploitation.

‼️🇺🇸 Sheraton Hotels and Resorts, the American international hotel chain owned by Marriott International, has allegedly been listed on a ransomware leak site with its status marked as "Disclosed."

▪️ Revenue: $193.5M
▪️ Employees: 5,000
▪️ Hotels: 431 with 150,640 rooms globally
▪️ Financial & Operational Documents: 321.0 GB (348,199 files)
▪️ Databases & Backups: 59.3 GB (18,065 files)

The leaked data reportedly spans financial and operational documents as well as full database backups. Sheraton operates locations across North America, Africa, Asia-Pacific, Central and South America, Europe, the Middle East, and the Caribbean.

‼️A new Android Remote Administration Tool (RAT) called "Darkweb" is being sold on a popular cybercrime forum, marketed as "the most powerful" Android hacking tool available.

▪️ Access: Tor browser (.onion link)
▪️ Developer Contact: Telegram
▪️ Features Include: Client Folder, Permissions, APK Tool, Crypter, Dropper, Create APK

The tool offers an extensive set of capabilities:

▪️ VNC/AcVNC: Real-time device screen control with gesture support; bypasses Android's Secure flag (black screen) protection
▪️ Keylogger: Records UI interactions and captures device unlock passwords
▪️ Target Detect: Identifies crypto and banking apps for direct launch or removal
▪️ Injects: Bank-oriented overlays for stealing credentials from crypto/banking apps
▪️ Control Elements: Full device control (Home, Back, Power, Volume, etc.)
▪️ Blank/Update Screen: Hides operations behind fake loading or system update screens
▪️ Password Logging: Enhanced capture during device unlock
▪️ APK Dropper/Crypter: Silent malware deployment with encryption to evade antivirus
▪️ Ransomware: Lock/encrypt victim devices and demand payment
▪️ File & Gallery: Silent upload of photos, videos, and documents to C2 server
▪️ Microphone & Camera: Covert activation of front/back cameras and microphone
▪️ Unlock & Screen Wake: Force wake and unlock using captured PINs/patterns
▪️ Call & Message: Monitor, initiate calls, send messages, and access contacts

Additional features include client ranking by banking/crypto app presence, auto firewall configuration, domain support, HTML editor for dropper customization, and auto-install of dependencies.

Onion: http://kiwodb2ke4zeebyplcme3nr6xr5n63ainigtiibyhqs4hzloc7jnvkad[.]onion