‼️ New Dark Web Informer Blog Post!
Title: "Copy Fail" Lands on CISA's KEV: A Nine-Year-Old Linux Bug Becomes a Patch Deadline
Link: https://darkwebinformer.com/copy-fail-lands-on-cisas-kev-a-nine-year-old-linux-bug-becomes-a-patch-deadline/
On May 1, 2026, CISA added CVE-2026-31431, better known as "Copy Fail," to its Known Exploited Vulnerabilities (KEV) catalog. Federal civilian agencies have until May 15 to patch under BOD 22-01. Everyone else should read that deadline as a strong hint.
‼️🇨🇭 Zurich Insurance has allegedly been breached, with a massive leak containing over 4.26 million insurance contract records and a second file covering insurance policies released for free.
⠀
‣ Threat Actor: NormalLeVrai
‣ Category: Data Leak
‣ Victim: Zurich Insurance (zurich.com)
‣ Industry: Insurance
⠀
The actor is releasing two Swiss-related files containing structured insurance data, including detailed contract, policyholder, vehicle, and financial information.
⠀
What's in it:
⠀
First file (zurich.com.csv): 4,260,757 complete lines of structured insurance data:
- Insurance contracts (policies)
- Clients (policyholders)
- Insured vehicles
- Intermediaries (agents)
- Financial and commercial information
- Coverage details and insured amounts
- Product-specific information (home, business insurance)
- Primary driver and owner data
- Business indicators (status, assistance options, customer value)
⠀
Second file (lluch20210629.sql): complete dataset on insurance contracts:
- Policy information: contract number, version, product type, structure, key dates
- Policyholder data: identity (last name, first name), national ID/Tax ID, contact info (address, phone, email)
- Insured vehicle info: registration number, make, model, technical specs (power, engine type, seats)
- Intermediary (agent/broker) info: identifier, name, contact details
- Contractual and financial elements: IBAN, receipt status, insured capital, deductibles, contract terms
- Product-specific data (residential/commercial): property use, dwelling type, business activity
- Linked individuals: primary driver and vehicle owner
- Business indicators: policy status, customer value, up to 10 assistance options
- Additional info: contract language, insurance company, chosen package/plan
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
⠀
‼️ New Dark Web Informer Blog Post!
Title: When a Screensaver Cracked the Internet's Trust Layer: Inside the DigiCert Hack
Link: https://darkwebinformer.com/when-a-screensaver-cracked-the-internets-trust-layer-inside-the-digicert-hack/
Certificate authorities sit at the foundation of online trust. So when one of the largest, DigiCert, gets hacked through a fake screenshot in a customer support chat, it is worth paying attention.
‼️🇦🇪 Handala Hack has launched a coordinated attack on the Fujairah Port and other entities in the UAE.
‼️🇫🇷 Bouygues Telecom, one of France's largest telecommunications providers, has allegedly been breached, with an 80.9 GB database being offered for sale by a new threat actor group.
⠀
‣ Threat Actor: OverSec
‣ Category: Data Sale
‣ Victim: Bouygues Telecom
‣ Industry: Telecommunications
⠀
The actor introduces themselves as "OverSec" and announces this as their first claim, offering the Bouygues Telecom database obtained on May 1, 2026. Database fields and a sample are distributed via Pastebin links, with proof of access and negotiations available through Session.
⠀
What's in it:
⠀
▪️ Total size: 80.9 GB (86,876,683,642 bytes)
▪️ Format: JSONL
▪️ Date: May 1, 2026
▪️ Database fields and sample distributed via Pastebin
▪️ Contact: Session ID provided
Notepad now gaslights you about what you just typed
‼️🇫🇷 La Redoute, a major French e-commerce and home goods retailer, has allegedly been scraped, with a dataset of 96,191 customer expedition (shipment) records leaked.
⠀
‣ Threat Actor: Lagui
‣ Victim: La Redoute
‣ Industry: Retail / E-commerce
⠀
The actor states the data was scraped a few weeks prior to posting and is completely fresh, never circulated elsewhere. The scrape focuses on shipment/expedition records spanning late 2025 through 2026, including detailed package tracking and delivery event histories.
⠀
What's in it:
⠀
▪️ 96,191 complete expedition (shipment) entries
▪️ Expedition IDs and order numbers
▪️ Client IDs
▪️ Customer first names and last names
▪️ Full addresses, postal codes, cities
▪️ Phone numbers (multiple per record)
▪️ Email addresses
▪️ Package IDs, arrival dates, creation dates
▪️ Store/enseigne information (e.g., "(01) LA REDOUTE")
▪️ Delivery type (Relais, Livraison)
▪️ Order quantities, declared volume and weight
▪️ Recycling status
▪️ Detailed event histories: agent names, timestamps, event descriptions, operation dates, package rank and status (e.g., package pickup, retour, livraison confirmation, EDI announcements)
‼️🇺🇸 Johnson & Johnson Innovative Medicine has been claimed as a victim by SpaceBears Ransomware
‼️ DOJ Press Release
━━━━━━━━━━━━━━━━━━━━━
Member of Prolific Russian Ransomware Group Sentenced to Prison
Full Press Release → justice.gov
━━━━━━━━━━━━━━━━━━━━━
🕵️ Dark Web Informer • DOJ Monitor
Note: DOJ articles that are not Cyber related will be removed manually.
A Latvian national was sentenced today to 102 months in prison for his role in a major Russian ransomware organization that stole from and extorted over 54 companies.
‼️ Lexus has been claimed as a victim by Qilin Ransomware
‼️🇬🇹🇪🇨 Azzorti, a Latin American direct-sales beauty and fashion brand operating across Guatemala and Ecuador, has allegedly been breached, with the entire database from intranet.azzorti.com and intranet.azzorti.gt offered for sale.
⠀
‣ Threat Actor: NyxarGroup (in collaboration with Petro_Escobar & ArcRaidersPlayer)
‣ Category: Data Sale
‣ Victim: Azzorti
‣ Industry: Retail / Direct Sales / Cosmetics
⠀
The actor is selling access to two intranet sites belonging to Azzorti, claiming the dataset includes business operations data alongside customer/consultant PII. The leak is offered for $400.
⠀
What's in it:
⠀
▪️ Internal documents
▪️ Power BI reports
▪️ Supplier information
▪️ Product catalogs
▪️ Sales records
▪️ Business charts
▪️ Quotes
▪️ 2 databases with the following structure:
- Codigo (code), Identificacion (ID), Consec
- Zona (zone)
- Nombres / Apellidos (first/last names)
- Direccion (address)
- Telefonos (phone numbers)
- Distrito / Provincia (district/province)
- Camp Ingr, Digito, Cupo
- Pedidos (orders)
- Digito Anterior
- Direccion Referencia (reference address)
‼️ New Dark Web Informer Blog Post!
Title: Daily Dose of Dark Web Informer - May 4th, 2026
Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-4th-2026/
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
‼️🇧🇷 IUNGO Cloud (iungo.cloud), a Brazilian cloud-telephony operator, has allegedly been breached, with a 73 GiB portabilling database offered for sale as a one-time exclusive deal.
⠀
‣ Threat Actor: Fronx
‣ Category: Data Sale
‣ Victim: IUNGO Cloud
‣ Industry: Cloud Telephony / SaaS Communications
⠀
IUNGO provides cloud-based telephony services including hosted PBX, virtual extensions (ramais), contact centers, and omnichannel customer contact for SMBs and enterprises in Brazil. The actor is offering the database as a one-time sale.
⠀
What's in it:
⠀
▪️ 73 GiB portabilling database
▪️ Customer details
▪️ Call Detail Records (CDRs)
▪️ Customer balance information
▪️ Customer and employee email addresses
▪️ Phone numbers
▪️ Passwords
▪️ Massive PII
Chat, the last two channels died around 2800 subscribers... Join the backup https://t.me/SliceForLifeeee
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: San Diego Community College District
Domain: sdccd.edu
Country: 🇺🇸 US
Date: May 4th, 2026
Summary:
The San Diego Community College District is currently facing a major cyberattack that began on Saturday, causing certain digital services such as email and enrollment platforms to go offline. Although all campuses remain open and the majority of classes continue, some ancillary operations are affected. The district states that despite the incident, no data has been compromised, and it is maintaining communication with students via various platforms.
Source: https://www.sandiegouniontribune.com/2026/05/04/san-diego-community-college-district-fighting-major-cyber-attack/
San Diego Union-Tribune
San Diego Community College District fighting major cyberattack
The system’s four colleges are still open, but some digital services have been disrupted.
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: ALS Limited
Domain: alsglobal.com
Country: 🇦🇺 AU
Date: May 4th, 2026
Summary:
ALS Limited has disclosed that it detected malicious cyber activity involving unauthorized access to some of its IT systems, causing a temporary disruption to some operations. The company has put containment and remediation measures in place and has informed the Australian Cyber Security Centre. ALS is currently working to determine the extent of the breach and its potential impact on customer data.
Source: https://www.tipranks.com/news/company-announcements/als-reports-cyber-incident-but-restores-most-operations
TipRanks
ALS reports cyber incident but restores most operations
The latest update is out from ALS ( ($AU:ALQ) ). ALS Limited has disclosed that it recently detected malicious cyber activity involving unauthorised third-party acc...