‼️ Genesis Ransomware claims 8 victims.
🇺🇸 Secure Health
🇺🇸 Modern Advanced Print Solutions (MAPS, Inc.)
🇺🇸 MC-Rx
🇺🇸 HMI Elements
🇺🇸 Green Giftz
🇺🇸 Raphael Ortho
🇺🇸 B&R Sheet Metal
🇺🇸 Catalyst Learning Company
🇺🇸 Secure Health
🇺🇸 Modern Advanced Print Solutions (MAPS, Inc.)
🇺🇸 MC-Rx
🇺🇸 HMI Elements
🇺🇸 Green Giftz
🇺🇸 Raphael Ortho
🇺🇸 B&R Sheet Metal
🇺🇸 Catalyst Learning Company
‼️ New Dark Web Informer Blog Post!
Title: Threat Actor Auctioning WordPress Admin Access to Spanish E-Commerce Site With REDSYS Payment Gateway and ~1,200 Monthly Card Orders
Link: https://darkwebinformer.com/threat-actor-auctioning-wordpress-admin-access-to-spanish-e-commerce-site-with-redsys-payment-gateway-and-1-200-monthly-card-orders/
Title: Threat Actor Auctioning WordPress Admin Access to Spanish E-Commerce Site With REDSYS Payment Gateway and ~1,200 Monthly Card Orders
Link: https://darkwebinformer.com/threat-actor-auctioning-wordpress-admin-access-to-spanish-e-commerce-site-with-redsys-payment-gateway-and-1-200-monthly-card-orders/
Dark Web Informer
Threat Actor Auctioning WordPress Admin Access to Spanish E-Commerce Site With REDSYS Payment Gateway and ~1,200 Monthly Card Orders
‼️ New Dark Web Informer Blog Post!
Title: Alleged Dataset Leak of Canva Exposes 900,000 User Records With Bcrypt Passwords, OAuth Providers, and Design Platform Usage Data
Link: https://darkwebinformer.com/alleged-dataset-leak-of-canva-exposes-900-000-user-records-with-bcrypt-passwords-oauth-providers-and-design-platform-usage-data/
Title: Alleged Dataset Leak of Canva Exposes 900,000 User Records With Bcrypt Passwords, OAuth Providers, and Design Platform Usage Data
Link: https://darkwebinformer.com/alleged-dataset-leak-of-canva-exposes-900-000-user-records-with-bcrypt-passwords-oauth-providers-and-design-platform-usage-data/
Dark Web Informer
Alleged Dataset Leak of Canva Exposes 900,000 User Records With Bcrypt Passwords, OAuth Providers, and Design Platform Usage Data
‼️🇩🇪 A dataset allegedly containing 10.5 million users from LSGB, a defunct German gaming and leak forum, has been leaked on a popular cybercrime forum.
▪️ Records: 10,500,000 (10M + 500K new)
▪️ Size: 121 MB (compressed)
▪️ Data Fields: User ID, username, email address, password hash (bcrypt), salt, user group, registration date, last visit, registration IP, last IP, post count, reputation, PM count, signature, birthday, location, website
▪️ Records: 10,500,000 (10M + 500K new)
▪️ Size: 121 MB (compressed)
▪️ Data Fields: User ID, username, email address, password hash (bcrypt), salt, user group, registration date, last visit, registration IP, last IP, post count, reputation, PM count, signature, birthday, location, website
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Charité
Domain:
Country: 🇩🇪 DE
Date: Mar 31st, 2026
Summary:
Un dysfonctionnement technique au sein d'un centre de données de la Charité à Berlin a entraîné une panne informatique affectant trois sites hospitaliers, empêchant la Feuerwehr d'accéder aux cliniques Virchow, Mitte et Steglitz. Bien que la fourniture de soins aux patients reste stable, les services d'urgence ont temporairement désactivé les entrées des urgences centrales par mesure de sécurité, tout en excluant toute hypothèse de cyberattaque. La Charité travaille activement à la résolution de ce problème technique, qui survient dans un contexte de vigilance accrue face aux risques de cybersécurité pour les institutions publiques berlinoises.
Source: https://www.tagesspiegel.de/berlin/itausfall-an-der-berliner-charite-feuerwehr-kann-drei-klinikstandorte-nicht-anfahren-15421749.html
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Charité
Domain:
charite.deCountry: 🇩🇪 DE
Date: Mar 31st, 2026
Summary:
Un dysfonctionnement technique au sein d'un centre de données de la Charité à Berlin a entraîné une panne informatique affectant trois sites hospitaliers, empêchant la Feuerwehr d'accéder aux cliniques Virchow, Mitte et Steglitz. Bien que la fourniture de soins aux patients reste stable, les services d'urgence ont temporairement désactivé les entrées des urgences centrales par mesure de sécurité, tout en excluant toute hypothèse de cyberattaque. La Charité travaille activement à la résolution de ce problème technique, qui survient dans un contexte de vigilance accrue face aux risques de cybersécurité pour les institutions publiques berlinoises.
Source: https://www.tagesspiegel.de/berlin/itausfall-an-der-berliner-charite-feuerwehr-kann-drei-klinikstandorte-nicht-anfahren-15421749.html
www.tagesspiegel.de
IT‑Ausfall an der Berliner Charité: Feuerwehr kann drei Klinikstandorte nicht anfahren
Wegen einer IT-Panne fährt die Feuerwehr derzeit drei Charité-Kliniken nicht an. Ein Cyberangriff ist jedoch ausgeschlossen.
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Häpo-Reifencenter
Domain:
Country: 🇨🇭 CH
Date: Mar 29th, 2026
Summary:
Le dimanche 29 mars 2026, le groupe de pirates informatiques Pay2Key, lié à l'Iran, a chiffré et paralysé le système informatique de l'entreprise Häpo-Reifencenter, située à Winterthour, à l'aide d'un ransomware. Bien que l'entreprise disposât de sauvegardes, celles-ci ont également été détruites, ce qui entraîne un préjudice quotidien de plusieurs dizaines de milliers de francs et une perte des données comptables actuelles. Häpo a informé la police et alerté son assureur, tandis que la direction n'envisage pour l'instant pas de payer la rançon exigée.
Source: https://www.tagesanzeiger.ch/cyberangriff-in-winterthur-hacker-legen-haepo-reifencenter-lahm-229421108182
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Häpo-Reifencenter
Domain:
haepo.chCountry: 🇨🇭 CH
Date: Mar 29th, 2026
Summary:
Le dimanche 29 mars 2026, le groupe de pirates informatiques Pay2Key, lié à l'Iran, a chiffré et paralysé le système informatique de l'entreprise Häpo-Reifencenter, située à Winterthour, à l'aide d'un ransomware. Bien que l'entreprise disposât de sauvegardes, celles-ci ont également été détruites, ce qui entraîne un préjudice quotidien de plusieurs dizaines de milliers de francs et une perte des données comptables actuelles. Häpo a informé la police et alerté son assureur, tandis que la direction n'envisage pour l'instant pas de payer la rançon exigée.
Source: https://www.tagesanzeiger.ch/cyberangriff-in-winterthur-hacker-legen-haepo-reifencenter-lahm-229421108182
Tages-Anzeiger
Cyberangriff in Winterthur: Hacker legen Häpo-Reifencenter lahm
Cyberkriminelle griffen am Sonntag das Winterthurer Unternehmen Häpo an und fordern Lösegeld. Die Hackergruppe soll Verbindungen in den Iran haben.
💥 Early stages of a Cybercrime Website Leaderboard is now available to Elite subscribers.
A separate Threat Actor Leaderboard is being worked on, but nothing to show for it for now.
https://darkwebinformer.com/cybercrime-website-leaderboard4574474574/
A separate Threat Actor Leaderboard is being worked on, but nothing to show for it for now.
https://darkwebinformer.com/cybercrime-website-leaderboard4574474574/
😭1
🔪 Slice For Life 🔪
Cyberattack News Alert ━━━━━━━━━━━━━━━━━━━━━━━━━ Victim: Häpo-Reifencenter Domain: haepo.ch Country: 🇨🇭 CH Date: Mar 29th, 2026 Summary: Le dimanche 29 mars 2026, le groupe de pirates informatiques Pay2Key, lié à l'Iran, a chiffré et paralysé le système…
These articles should translate to english now.
😭1
‼️🇺🇸 A massive breach allegedly from BlackLine, a major financial automation platform, is being sold on a popular cybercrime forum.
▪️ Documents: ~1,532,718
▪️ Total Size: 354.4 GB
▪️ Data Includes: Bills, licenses, certificates, and other documents processed for high-profile clients
▪️ Client Noted: FedEx PO APAC Production
▪️ Documents: ~1,532,718
▪️ Total Size: 354.4 GB
▪️ Data Includes: Bills, licenses, certificates, and other documents processed for high-profile clients
▪️ Client Noted: FedEx PO APAC Production
‼️🇺🇸 A dataset allegedly containing 9,000+ loan records from HeritageSouth Credit Union (USA) has been leaked on a popular cybercrime forum.
▪️ Records: 9,000+
▪️ Size: ~5.5 MB (CSV)
▪️ Data Fields: Loan ID, borrower ID, SSN, full name, gender, birthdate, address, ZIP code, credit score, loan amount, interest rate, delinquency counts, charge-off details, co-borrower info (SSN, name, address), collateral vehicle details (make, model, year, VIN, value)
▪️ Records: 9,000+
▪️ Size: ~5.5 MB (CSV)
▪️ Data Fields: Loan ID, borrower ID, SSN, full name, gender, birthdate, address, ZIP code, credit score, loan amount, interest rate, delinquency counts, charge-off details, co-borrower info (SSN, name, address), collateral vehicle details (make, model, year, VIN, value)
How many daily alerts on the threat feed is enough for you or would be enough for you if you subscribed?
Anonymous Poll
19%
0-400
3%
401-800
3%
801-1200
36%
Unlimited
39%
Show Results
‼️🇺🇸 A database (V2) allegedly from Success.com, a popular newsletter and article platform, has been leaked on a popular cybercrime forum.
This is the second breach, the site was still vulnerable, with over 60K new emails added since the first leak.
▪️ Records: 207,000+ unique users
▪️ Data Fields: Email, first/last name, phone, company, passwords, billing & shipping addresses, payment method, social media links (Facebook, LinkedIn, Twitter), job title, credit scores, order history, store orders, and more
Note: The threat actor states Success.com did not respond to contact or consider meeting their demands
This is the second breach, the site was still vulnerable, with over 60K new emails added since the first leak.
▪️ Records: 207,000+ unique users
▪️ Data Fields: Email, first/last name, phone, company, passwords, billing & shipping addresses, payment method, social media links (Facebook, LinkedIn, Twitter), job title, credit scores, order history, store orders, and more
Note: The threat actor states Success.com did not respond to contact or consider meeting their demands