‼️🇮🇱 Crocs Israel (crocs.co.il), the Israeli branch of the global footwear brand, has allegedly been breached, with a customer database of 852,520 records leaked.
⠀
‣ Threat Actor: campfire
‣ Category: Data Leak
‣ Victim: Crocs Israel
‣ Industry: Retail / Footwear
⠀
The actor claims the breach occurred on May 3, 2026 and is selling the database for $350.
⠀
What's in it:
⠀
▪️ 852,520 customer records
▪️ Customer ID
▪️ First and last names
▪️ Phone numbers
▪️ Email addresses
▪️ Addresses
▪️ Date of birth
▪️ Gender
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
⠀
‣ Threat Actor: campfire
‣ Category: Data Leak
‣ Victim: Crocs Israel
‣ Industry: Retail / Footwear
⠀
The actor claims the breach occurred on May 3, 2026 and is selling the database for $350.
⠀
What's in it:
⠀
▪️ 852,520 customer records
▪️ Customer ID
▪️ First and last names
▪️ Phone numbers
▪️ Email addresses
▪️ Addresses
▪️ Date of birth
▪️ Gender
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇺🇸 Senzing (sezning.com), a U.S.-based AI software company specializing in handling and cleaning complex data, has allegedly been breached, with 100,002 records leaked containing extensive PII.
⠀
‣ Threat Actor: ijpys
‣ Category: Data Leak
‣ Victim: Senzing
‣ Industry: Software / AI / Data Management
⠀
What's in it:
⠀
▪️ 100,002 records
▪️ Entity ID and Record ID
▪️ First name, last name, name suffix
▪️ Phone numbers
▪️ Social handles
▪️ SSN (Social Security Numbers)
▪️ Passport numbers
▪️ Gender
▪️ Date of birth
▪️ Driver's license numbers
▪️ Credit card account numbers
▪️ Full addresses (line 1, city, postal code, state)
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
⠀
‣ Threat Actor: ijpys
‣ Category: Data Leak
‣ Victim: Senzing
‣ Industry: Software / AI / Data Management
⠀
What's in it:
⠀
▪️ 100,002 records
▪️ Entity ID and Record ID
▪️ First name, last name, name suffix
▪️ Phone numbers
▪️ Social handles
▪️ SSN (Social Security Numbers)
▪️ Passport numbers
▪️ Gender
▪️ Date of birth
▪️ Driver's license numbers
▪️ Credit card account numbers
▪️ Full addresses (line 1, city, postal code, state)
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇫🇷 ZenMobile (zenmobile.fr), a French mobile virtual network operator (MVNO), has allegedly been re-leaked, with a database containing over 15 million rows reposted on a hacking forum.
⠀
‣ Threat Actor: NormalLeVrai
‣ Category: Data Leak (Repost)
‣ Victim: ZenMobile
‣ Industry: Telecommunications / MVNO
⠀
The actor is reposting the 15M-France-zenmobile.fr-Mobile-Virtual-Network-Operator-FullDump-sql, originally circulated previously. ZenMobile operates as a French MVNO using major operator networks (Orange, SFR, Bouygues, Free) to provide phone and internet packages.
⠀
What's in it:
⠀
▪️ 15+ million rows from ZenMobile
▪️ Customer IDs and titles (Mme/M.)
▪️ First and last names
▪️ Full postal addresses (street, building, city, postal code)
▪️ Phone numbers
▪️ Email addresses
▪️ Date of birth
▪️ Account creation dates
▪️ URLs accessed by customers (form/promo participation links)
▪️ Argumentation status / department codes
▪️ Marketing source (e.g., WebRivage)
▪️ Activity timestamps
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
⠀
‣ Threat Actor: NormalLeVrai
‣ Category: Data Leak (Repost)
‣ Victim: ZenMobile
‣ Industry: Telecommunications / MVNO
⠀
The actor is reposting the 15M-France-zenmobile.fr-Mobile-Virtual-Network-Operator-FullDump-sql, originally circulated previously. ZenMobile operates as a French MVNO using major operator networks (Orange, SFR, Bouygues, Free) to provide phone and internet packages.
⠀
What's in it:
⠀
▪️ 15+ million rows from ZenMobile
▪️ Customer IDs and titles (Mme/M.)
▪️ First and last names
▪️ Full postal addresses (street, building, city, postal code)
▪️ Phone numbers
▪️ Email addresses
▪️ Date of birth
▪️ Account creation dates
▪️ URLs accessed by customers (form/promo participation links)
▪️ Argumentation status / department codes
▪️ Marketing source (e.g., WebRivage)
▪️ Activity timestamps
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
I have posted several of these, here is another cPanel/WHM PoC...
CVE-2026-41940: cPanel/WHM Authentication Bypass
https://github.com/kmaruthisrikar/CVE-2026-41940-cPanel-Auth-Bypass-Exploit
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
CVE-2026-41940: cPanel/WHM Authentication Bypass
https://github.com/kmaruthisrikar/CVE-2026-41940-cPanel-Auth-Bypass-Exploit
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
GitHub
GitHub - kmaruthisrikar/CVE-2026-41940-cPanel-Auth-Bypass-Exploit
Contribute to kmaruthisrikar/CVE-2026-41940-cPanel-Auth-Bypass-Exploit development by creating an account on GitHub.
‼️ CVE-2026-41940: A high-performance, multi-threaded security auditing tool designed to detect CVE-2026-41940, a critical Authentication Bypass vulnerability in cPanel & WHM.
https://github.com/XsanFlip/poc-cpanel-cve-2026-41940
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
https://github.com/XsanFlip/poc-cpanel-cve-2026-41940
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
🔪 Slice For Life - Part 2 🔪
‼️ Instructure Holdings, Inc. (Canva LMS, instructure.com) and Cushman & Wakefield Inc. have been claimed by ShinyHunters ________________________________________ Main Channel: https://t.me/SliceForLifeee Backup Channel: https://t.me/SliceForLifeeee Website:…
Instructure key rotation: https://community.instructure.com/en/discussion/665983/application-key-timestamp-notice
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Instructure Community
Application Key Timestamp Notice - Instructure Community
Some customers may be experiencing limited disruption to integrated tools relying on application keys. Our team reissued certain application keys as a precautionary step, which requires end users to re-authorize access to those tools. Reissued application…
‼️🇫🇷 Psycho-Prat (École de Psychologues Praticiens), a French psychology school, has allegedly been breached, with a 55 GB database and complete source code leaked.
⠀
‣ Threat Actor: Spirigatito
‣ Category: Data Leak
‣ Victim: Psycho-Prat (École de Psychologues Praticiens)
‣ Industry: Education
⠀
The actor is offering the full 55 GB dataset for download. The leak includes student and teacher personal information, identity documents, course materials, account credentials, and the complete source code of the Psycho-Prat platform.
⠀
What's in it:
⠀
▪️ 55 GB of total data
▪️ Student information including 11,447 documents: national ID cards, passports, IBANs, diplomas, applications + database
▪️ 10,506 photos of students and teachers
▪️ 5,521 course documents (valued at $8,000)
▪️ All Psycho-Prat accounts and connection logs
▪️ Complete Psycho-Prat source code totaling 85,424 files
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
⠀
‣ Threat Actor: Spirigatito
‣ Category: Data Leak
‣ Victim: Psycho-Prat (École de Psychologues Praticiens)
‣ Industry: Education
⠀
The actor is offering the full 55 GB dataset for download. The leak includes student and teacher personal information, identity documents, course materials, account credentials, and the complete source code of the Psycho-Prat platform.
⠀
What's in it:
⠀
▪️ 55 GB of total data
▪️ Student information including 11,447 documents: national ID cards, passports, IBANs, diplomas, applications + database
▪️ 10,506 photos of students and teachers
▪️ 5,521 course documents (valued at $8,000)
▪️ All Psycho-Prat accounts and connection logs
▪️ Complete Psycho-Prat source code totaling 85,424 files
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
The two IOC feeds will be relaunched Friday with a new UI, UX, and features. Much better than the current version. Stay tuned.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤2
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Instructure
Domain:
Country: 🇺🇸 US
Date: May 1st, 2026
Claimed by: Shinyhunters ransomware gang
Summary:
Instructure, développeur de la plateforme Canvas, a annoncé avoir subi un incident de cybersécurité et mène actuellement une enquête avec l'aide d'experts externes. L'entreprise s'engage à maintenir la transparence tout en travaillant rapidement pour minimiser l'impact de cette attaque perpétrée par un acteur malveillant. Des services, dont Canvas Data 2 et Canvas Beta, sont actuellement en maintenance depuis le 1er mai, bien que le lien avec l'incident ne soit pas confirmé.
Source: https://www.bleepingcomputer.com/news/security/edu-tech-firm-instructure-discloses-cyber-incident-probes-impact/
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Instructure
Domain:
instructure.comCountry: 🇺🇸 US
Date: May 1st, 2026
Claimed by: Shinyhunters ransomware gang
Summary:
Instructure, développeur de la plateforme Canvas, a annoncé avoir subi un incident de cybersécurité et mène actuellement une enquête avec l'aide d'experts externes. L'entreprise s'engage à maintenir la transparence tout en travaillant rapidement pour minimiser l'impact de cette attaque perpétrée par un acteur malveillant. Des services, dont Canvas Data 2 et Canvas Beta, sont actuellement en maintenance depuis le 1er mai, bien que le lien avec l'incident ne soit pas confirmé.
Source: https://www.bleepingcomputer.com/news/security/edu-tech-firm-instructure-discloses-cyber-incident-probes-impact/
BleepingComputer
Edu tech firm Instructure discloses cyber incident, probes impact
Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact.
❤1
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Hochschule Emden/Leer
Domain:
Country: 🇩🇪 DE
Date: May 1st, 2026
Summary:
Hochschule Emden/Leer fell victim to a cyberattack on May 1, 2026, which led to the preventive shutdown of central IT services and disruption of its website. Although systems were quickly contained with no reported data loss, course operations continue in person. The institution has established an information point for students and is working toward a gradual restoration of services.
Source: https://www.noz.de/lokales/rheiderland/regional/artikel/cyberangriff-auf-hochschule-emdenleer-it-teils-offline-50594356
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Hochschule Emden/Leer
Domain:
hs-emden-leer.deCountry: 🇩🇪 DE
Date: May 1st, 2026
Summary:
Hochschule Emden/Leer fell victim to a cyberattack on May 1, 2026, which led to the preventive shutdown of central IT services and disruption of its website. Although systems were quickly contained with no reported data loss, course operations continue in person. The institution has established an information point for students and is working toward a gradual restoration of services.
Source: https://www.noz.de/lokales/rheiderland/regional/artikel/cyberangriff-auf-hochschule-emdenleer-it-teils-offline-50594356
noz.de
Hochschule Emden/Leer schaltet nach Cyberangriff zentrale IT-Dienste ab
Cyberangriff auf die Hochschule Emden/Leer am 1. Mai 2026: IT-Dienste abgeschaltet, Website gestört. Wie bleibt der Lehrbetrieb dennoch in Präsenz?
‼️🇪🇬 An Egyptian database containing 1.5 million student records and a 60 million record HR database (37GB total) is allegedly being sold on a hacking forum, exposing extensive PII including ID scans and passport copies.
⠀
‣ Threat Actor: bigF
‣ Category: Data Sale
‣ Victim: Undisclosed Egyptian institutions (educational + corporate/government HR)
‣ Industry: Education / HR / Government
⠀
The actor is offering two separate databases in .sql format for sale. The first targets Egyptian university students with extensive PII and identity document scans, while the second is a much larger HR/employment database containing payroll, financial, and authentication data.
⠀
What's in it:
⠀
First database (~1,000,000 student records):
- Full names (Arabic + English)
- Egyptian National ID numbers
- Date and place of birth
- Home addresses (governorate, city, street)
- Mobile phone numbers and email addresses
- Guardian and university information
- University ID / registration number
- Academic year, faculty, department
- High-res scans of student national IDs
- National ID scans of mother and father
- Visa or passport scans (where available)
⠀
Second database (~60M records):
- Persons (full master PII): 456K records
- Personsnationalids: Egyptian National ID numbers + scans
- Personsemp: employment history, job titles, salaries
- Payroll + payrollfrompayroll: direct salary data
- Financialdata + financialdecisions: transactions, approvals
- Auth_user + auth_permission: login credentials + role hashes
- Other tables: ~56M additional records
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
⠀
‣ Threat Actor: bigF
‣ Category: Data Sale
‣ Victim: Undisclosed Egyptian institutions (educational + corporate/government HR)
‣ Industry: Education / HR / Government
⠀
The actor is offering two separate databases in .sql format for sale. The first targets Egyptian university students with extensive PII and identity document scans, while the second is a much larger HR/employment database containing payroll, financial, and authentication data.
⠀
What's in it:
⠀
First database (~1,000,000 student records):
- Full names (Arabic + English)
- Egyptian National ID numbers
- Date and place of birth
- Home addresses (governorate, city, street)
- Mobile phone numbers and email addresses
- Guardian and university information
- University ID / registration number
- Academic year, faculty, department
- High-res scans of student national IDs
- National ID scans of mother and father
- Visa or passport scans (where available)
⠀
Second database (~60M records):
- Persons (full master PII): 456K records
- Personsnationalids: Egyptian National ID numbers + scans
- Personsemp: employment history, job titles, salaries
- Payroll + payrollfrompayroll: direct salary data
- Financialdata + financialdecisions: transactions, approvals
- Auth_user + auth_permission: login credentials + role hashes
- Other tables: ~56M additional records
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ A new IVR (Interactive Voice Response) 0day automation tool is allegedly being sold on a hacking forum, marketed for high-speed SIP-based attacks against voice menu systems.
⠀
‣ Threat Actor: GENERAL DARK
‣ Category: Fraud Tool / SIP Abuse
‣ Product: Ultimate IVR 0DAY
‣ Industry: Telecom Fraud / Vishing Infrastructure
⠀
The actor is advertising a high-throughput IVR manipulation engine designed to bypass standard voice-menu protections, automate digit entry at scale, and process multiple targets per call. The tool is marketed for "stress-testing" but the feature set (DND filtering, auto-authentication, multi-hit batching, response routing) aligns with carding and account-takeover automation against IVR-based banking and customer service systems.
⠀
What's advertised:
⠀
▪️ Human-Frame "Barge-In" Mode: interrupts IVR prompts in 50ms to bypass listening delays
▪️ Ghost Protocol (DTMF Override): switches signal transport mid-call to evade fingerprinting
▪️ Real-Time Lag Intel: tracks first-response latency to identify high-quality targets
▪️ Direct-to-Socket RTP: bypasses third-party media servers for raw UDP socket access
▪️ Smart "Do Not Disturb" filtering to preserve credits
▪️ Multi-Hit Batching: process 5–20 IDs/products in a single call
▪️ Intelligent Response Routing via custom JSON logic
▪️ Auto-Authentication: handles SIP 401/407 challenges automatically
▪️ High-Volume SIP Stack: thousands of concurrent calls from a single port
▪️ Parallel Worker Pool: 20 simultaneous calls per session
▪️ Surgical Timing: 75ms between digits, 100ms tone duration
▪️ Auto-Retry Engine on dropped calls
▪️ Live audio analysis (RMS energy detection for human/robot/silence)
▪️ Structured per-session logs (Product ID, duration, raw response, latency, final status)
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
⠀
‣ Threat Actor: GENERAL DARK
‣ Category: Fraud Tool / SIP Abuse
‣ Product: Ultimate IVR 0DAY
‣ Industry: Telecom Fraud / Vishing Infrastructure
⠀
The actor is advertising a high-throughput IVR manipulation engine designed to bypass standard voice-menu protections, automate digit entry at scale, and process multiple targets per call. The tool is marketed for "stress-testing" but the feature set (DND filtering, auto-authentication, multi-hit batching, response routing) aligns with carding and account-takeover automation against IVR-based banking and customer service systems.
⠀
What's advertised:
⠀
▪️ Human-Frame "Barge-In" Mode: interrupts IVR prompts in 50ms to bypass listening delays
▪️ Ghost Protocol (DTMF Override): switches signal transport mid-call to evade fingerprinting
▪️ Real-Time Lag Intel: tracks first-response latency to identify high-quality targets
▪️ Direct-to-Socket RTP: bypasses third-party media servers for raw UDP socket access
▪️ Smart "Do Not Disturb" filtering to preserve credits
▪️ Multi-Hit Batching: process 5–20 IDs/products in a single call
▪️ Intelligent Response Routing via custom JSON logic
▪️ Auto-Authentication: handles SIP 401/407 challenges automatically
▪️ High-Volume SIP Stack: thousands of concurrent calls from a single port
▪️ Parallel Worker Pool: 20 simultaneous calls per session
▪️ Surgical Timing: 75ms between digits, 100ms tone duration
▪️ Auto-Retry Engine on dropped calls
▪️ Live audio analysis (RMS energy detection for human/robot/silence)
▪️ Structured per-session logs (Product ID, duration, raw response, latency, final status)
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations