‼️ PhishLab V1, a new phishing-as-a-service panel, is allegedly being sold on a hacking forum, marketed as undetected and capable of bypassing 2FA across major platforms.
⠀
‣ Threat Actor: PHISHLAB
‣ Category: Phishing Kit / Malware-as-a-Service
‣ Product: PhishLab V1
‣ Industry: Cybercrime / Credential Theft
⠀
The actor is advertising a phishing panel that captures credentials, 2FA codes, and session cookies in real time, with Telegram notifications and one-click cookie import. The kit targets banks, crypto exchanges, payment processors, retailers, and social platforms across more than 17 active modules with 10+ unique domains per module. Pricing is set at $759 first month and $250 monthly thereafter.
⠀
What's advertised:
⠀
▪️ Real-time credential and 2FA capture
▪️ Telegram notifications on victim login
▪️ One-click cookie import for instant session takeover
▪️ Bypass for all 2FA types
▪️ 10+ unique domains per module with 24/7 updates
▪️ Crypto modules: OKX, Bybit, Binance, Coinbase
▪️ Banking modules: Chase, BoA, Wells Fargo, Citi
▪️ Payment modules: PayPal, Stripe (Venmo and Cash App in testing)
▪️ Shopping modules: Amazon, Walmart, eBay, Target
▪️ Social modules: Instagram, Facebook, WhatsApp, TikTok
▪️ 15+ additional modules in pending/testing phase
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇲🇽 IMSS Banco de Sangre, the blood bank of Mexico's Instituto Mexicano del Seguro Social, has allegedly been breached, with 3.4 million donor records offered for sale.
⠀
‣ Threat Actor: ColdK3y
‣ Category: Data Sale
‣ Victim: IMSS Banco de Sangre
‣ Industry: Healthcare / Government
⠀
The actor states the breach occurred on May 4, 2026 and is offering the data in JSON and CSV format. The IMSS Blood Bank is responsible for the collection, testing, storage, and distribution of blood components for institute beneficiaries.
⠀
What's in it:
⠀
▪️ 3,405,180 donor records
▪️ NSS (social security) numbers
▪️ ID numbers
▪️ Donor information
▪️ Dates of birth
▪️ Full names
▪️ Donor type
▪️ Cell phone numbers
▪️ Additional donor data
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇵🇹 BLAT Studio (blatstudio.com), a Lisbon-based creative digital agency, has allegedly been breached, exposing personal data of Portuguese PSD political deputies and hashed credentials from multiple Portuguese university student associations.
⠀
‣ Threat Actor: Boogeymann
‣ Category: Data Leak
‣ Victim: BLAT Studio (with downstream impact on PSD deputies and Portuguese universities)
‣ Industry: Marketing / Political / Education
⠀
The actor states the data was obtained through an exposed Firebase database instance left without security rules. The breach impacts BLAT Studio's clients, which include Portugal's Social Democratic Party (PSD) and several student associations across Portuguese universities (ISCAL, IST, FADU, ESML, and others).
⠀
What's in it:
⠀
▪️ 119 university emails from student associations with hashed credentials (Base64 encoded + bcrypt)
▪️ 127 records of PSD political deputies, including names, addresses, phone numbers, work and personal emails, positions, and social media links (Facebook, Instagram, Twitter, TikTok, YouTube, LinkedIn)
▪️ 1,018,396 lines of internal BLAT Studio communications with clients, including message bodies, timestamps, user IDs, attachments, and conversations
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️ Dolphin X, a new all-in-one Windows RAT advertised with over 600 functions, is allegedly being sold on a hacking forum, marketed as a hybrid stealer, HVNC, DDoS botnet, and bootkit-capable malware.

‣ Threat Actor: Kontraktnik
‣ Category: Malware / RAT Sale
‣ Product: Dolphin X
‣ Industry: Cybercrime / Malware-as-a-Service

The actor is advertising a 4MB Windows-only RAT with claimed UEFI bootkit and metamorphic capabilities, a Linux/Debian build reportedly in development.

【 Stealer 】
Browser theft across Chromium and Gecko (cookies, passwords, autofill, bookmarks), WiFi password harvester, Windows Credential Manager dump, sensitive file hunter, crypto wallet theft (Exodus, MetaMask), targeted app stealing (Discord, Telegram, Steam, Minecraft), and sysadmin credential theft (FileZilla, WinSCP, PuTTY).

【 Remote Control 】
HVNC, remote desktop, reverse shell, file manager, network scanner, crypto clipper, and reverse proxy.

【 Persistence & Evasion 】
UEFI bootkit, multiple persistence methods (startup, scheduled tasks, services), Task Scheduler and Windows Services manipulation, anti-forensics, polymorphic / metamorphic / ultramorphic mutation, Defender manipulation, firewall and hosts file editing.

【 System Manipulation 】
Update blocking, Registry Editor access, Task Manager control, BSOD trigger, DLL and shellcode injection, software inventory.

【 Propagation 】
USB spreading, 20+ DDoS methods, botnet proxying and control mechanisms.

【 Utility 】
"Funny Trolls" features, Export All, BotKiller.
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations