Been down for like 12 hours now. No update on their TG channel...
‼️🇫🇷 A threat actor is offering for sale an unpatched Boolean-based blind SQL injection vulnerability targeting a high-traffic French government website.
The vulnerability reportedly affects a POST parameter and enables full database enumeration, exposing user credentials, PII, and internal configurations.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The vulnerability reportedly affects a POST parameter and enables full database enumeration, exposing user credentials, PII, and internal configurations.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
FBI Watchdog Alerts by Dark Web Informer
⚠️ FBI Watchdog - WHOIS Change ⚠️ 🔗 DarkWebInformer.com - Cyber Threat Intelligence Domain: pwnforums.st Record Type: WHOIS Change Time Detected: 2026-05-05 17:36:01 UTC Previous Records: name_servers: ['ns1 ddos-guard net', 'ns2 ddos-guard net'] New Records:…
Lul
😈2😭2
‼️ A targeting list pairing cryptocurrency wallet addresses with Twitter/X usernames is allegedly being sold on a hacking forum, with the seller explicitly marketing it for "IRL robberies" of crypto holders.
⠀
‣ Category: OSINT Targeting List / Physical Threat
‣ Industry: Cryptocurrency / Personal Security
⠀
The listing exposes the ongoing trend of OSINT-style datasets that correlate on-chain wallet activity with real-world social media identities, enabling targeted home invasions and physical robberies of crypto holders. Similar lists have been linked to in-person attacks on crypto users globally.
⠀
What's in it:
⠀
▪️ ~150,000 user records
▪️ 41,234 unique wallet addresses
▪️ Linked Twitter/X usernames
⠀
Defensive guidance:
▪️ Crypto holders should assume public on-chain activity plus social presence may already be correlated
▪️ Avoid publicly linking social handles to wallets that hold significant balances
▪️ Compartmentalize holdings across cold storage and minimize on-chain footprint tied to identity
▪️ Review home and personal security posture if you are publicly identifiable as a crypto holder
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
⠀
‣ Category: OSINT Targeting List / Physical Threat
‣ Industry: Cryptocurrency / Personal Security
⠀
The listing exposes the ongoing trend of OSINT-style datasets that correlate on-chain wallet activity with real-world social media identities, enabling targeted home invasions and physical robberies of crypto holders. Similar lists have been linked to in-person attacks on crypto users globally.
⠀
What's in it:
⠀
▪️ ~150,000 user records
▪️ 41,234 unique wallet addresses
▪️ Linked Twitter/X usernames
⠀
Defensive guidance:
▪️ Crypto holders should assume public on-chain activity plus social presence may already be correlated
▪️ Avoid publicly linking social handles to wallets that hold significant balances
▪️ Compartmentalize holdings across cold storage and minimize on-chain footprint tied to identity
▪️ Review home and personal security posture if you are publicly identifiable as a crypto holder
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇵🇹 BLAT Studio (blatstudio.com), a Lisbon-based creative digital agency, has allegedly been breached, exposing personal data of Portuguese PSD political deputies and hashed credentials from multiple Portuguese university student associations.
⠀
‣ Threat Actor: Boogeymann
‣ Category: Data Leak
‣ Victim: BLAT Studio (with downstream impact on PSD deputies and Portuguese universities)
‣ Industry: Marketing / Political / Education
⠀
The actor states the data was obtained through an exposed Firebase database instance left without security rules. The breach impacts BLAT Studio's clients, which include Portugal's Social Democratic Party (PSD) and several student associations across Portuguese universities (ISCAL, IST, FADU, ESML, and others).
⠀
What's in it:
⠀
▪️ 119 university emails from student associations with hashed credentials (Base64 encoded + bcrypt)
▪️ 127 records of PSD political deputies, including names, addresses, phone numbers, work and personal emails, positions, and social media links (Facebook, Instagram, Twitter, TikTok, YouTube, LinkedIn)
▪️ 1,018,396 lines of internal BLAT Studio communications with clients, including message bodies, timestamps, user IDs, attachments, and conversations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
⠀
‣ Threat Actor: Boogeymann
‣ Category: Data Leak
‣ Victim: BLAT Studio (with downstream impact on PSD deputies and Portuguese universities)
‣ Industry: Marketing / Political / Education
⠀
The actor states the data was obtained through an exposed Firebase database instance left without security rules. The breach impacts BLAT Studio's clients, which include Portugal's Social Democratic Party (PSD) and several student associations across Portuguese universities (ISCAL, IST, FADU, ESML, and others).
⠀
What's in it:
⠀
▪️ 119 university emails from student associations with hashed credentials (Base64 encoded + bcrypt)
▪️ 127 records of PSD political deputies, including names, addresses, phone numbers, work and personal emails, positions, and social media links (Facebook, Instagram, Twitter, TikTok, YouTube, LinkedIn)
▪️ 1,018,396 lines of internal BLAT Studio communications with clients, including message bodies, timestamps, user IDs, attachments, and conversations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ Dolphin X, a new all-in-one Windows RAT advertised with over 600 functions, is allegedly being sold on a hacking forum, marketed as a hybrid stealer, HVNC, DDoS botnet, and bootkit-capable malware.
‣ Threat Actor: Kontraktnik
‣ Category: Malware / RAT Sale
‣ Product: Dolphin X
‣ Industry: Cybercrime / Malware-as-a-Service
The actor is advertising a 4MB Windows-only RAT with claimed UEFI bootkit and metamorphic capabilities, a Linux/Debian build reportedly in development.
【 Stealer 】
Browser theft across Chromium and Gecko (cookies, passwords, autofill, bookmarks), WiFi password harvester, Windows Credential Manager dump, sensitive file hunter, crypto wallet theft (Exodus, MetaMask), targeted app stealing (Discord, Telegram, Steam, Minecraft), and sysadmin credential theft (FileZilla, WinSCP, PuTTY).
【 Remote Control 】
HVNC, remote desktop, reverse shell, file manager, network scanner, crypto clipper, and reverse proxy.
【 Persistence & Evasion 】
UEFI bootkit, multiple persistence methods (startup, scheduled tasks, services), Task Scheduler and Windows Services manipulation, anti-forensics, polymorphic / metamorphic / ultramorphic mutation, Defender manipulation, firewall and hosts file editing.
【 System Manipulation 】
Update blocking, Registry Editor access, Task Manager control, BSOD trigger, DLL and shellcode injection, software inventory.
【 Propagation 】
USB spreading, 20+ DDoS methods, botnet proxying and control mechanisms.
【 Utility 】
"Funny Trolls" features, Export All, BotKiller.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‣ Threat Actor: Kontraktnik
‣ Category: Malware / RAT Sale
‣ Product: Dolphin X
‣ Industry: Cybercrime / Malware-as-a-Service
The actor is advertising a 4MB Windows-only RAT with claimed UEFI bootkit and metamorphic capabilities, a Linux/Debian build reportedly in development.
【 Stealer 】
Browser theft across Chromium and Gecko (cookies, passwords, autofill, bookmarks), WiFi password harvester, Windows Credential Manager dump, sensitive file hunter, crypto wallet theft (Exodus, MetaMask), targeted app stealing (Discord, Telegram, Steam, Minecraft), and sysadmin credential theft (FileZilla, WinSCP, PuTTY).
【 Remote Control 】
HVNC, remote desktop, reverse shell, file manager, network scanner, crypto clipper, and reverse proxy.
【 Persistence & Evasion 】
UEFI bootkit, multiple persistence methods (startup, scheduled tasks, services), Task Scheduler and Windows Services manipulation, anti-forensics, polymorphic / metamorphic / ultramorphic mutation, Defender manipulation, firewall and hosts file editing.
【 System Manipulation 】
Update blocking, Registry Editor access, Task Manager control, BSOD trigger, DLL and shellcode injection, software inventory.
【 Propagation 】
USB spreading, 20+ DDoS methods, botnet proxying and control mechanisms.
【 Utility 】
"Funny Trolls" features, Export All, BotKiller.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
😁1
‼️ Blackwater Ransomware Chat Portal:
http://6t5g73fbzdjuhvvovuvuhc4mdgefrwn75szssx4ftqzxyuacdij47pad[.]onion
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
http://6t5g73fbzdjuhvvovuvuhc4mdgefrwn75szssx4ftqzxyuacdij47pad[.]onion
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
Forwarded from FBI Watchdog Alerts by Dark Web Informer
⚠️ FBI Watchdog - IP Change (hosting migration) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence
Domain: pwnforums.st
Record Type: IP Change (hosting migration)
Time Detected: 2026-05-06 03:17:23 UTC
Previous Records:
New Records:
🔗 DarkWebInformer.com - Cyber Threat Intelligence
Domain: pwnforums.st
Record Type: IP Change (hosting migration)
Time Detected: 2026-05-06 03:17:23 UTC
Previous Records:
A: 91.107.246.200
AAAA:
New Records:
A: 91.107.246.200 → 104.194.133.190
rDNS: 104.194.133.190 → 190.133.194.104.static.cloudzy.com
Classification: Complete IP replacement - likely hosting migration
‼️TomodachiShare allegedly exposing 145K user accounts
The actor TheAnonymousShipper has shared a dataset containing emails, nicknames, descriptions, and profile photos from accounts created on TomodachiShare.com, a fan community site centered on the Tomodachi Life game.
Post details:
▸ Actor: TheAnonymousShipper
▸ Sector: Online Community / Gaming
▸ Type: Data Leak
▸ Records: ~145,000
▸ Price: Free
Compromised data:
▪️ User ID
▪️ Account name
▪️ Email address
▪️ Email verification status
▪️ Profile image / avatar URL
▪️ Profile description
▪️ Account creation timestamp
▪️ Last update timestamp
▪️ Image last-updated timestamp
▪️ Likes count
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The actor TheAnonymousShipper has shared a dataset containing emails, nicknames, descriptions, and profile photos from accounts created on TomodachiShare.com, a fan community site centered on the Tomodachi Life game.
Post details:
▸ Actor: TheAnonymousShipper
▸ Sector: Online Community / Gaming
▸ Type: Data Leak
▸ Records: ~145,000
▸ Price: Free
Compromised data:
▪️ User ID
▪️ Account name
▪️ Email address
▪️ Email verification status
▪️ Profile image / avatar URL
▪️ Profile description
▪️ Account creation timestamp
▪️ Last update timestamp
▪️ Image last-updated timestamp
▪️ Likes count
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️🇫🇷 CAF (Caisse d'Allocations Familiales) allegedly breached exposing 22 million records
The actor eztocard has shared a 15.35 GB JSON dataset claimed to originate from CAF, France's family allowance fund agency. Sample records include extensive personal, demographic, and administrative data on individual beneficiaries.
Post details:
▸ Actor: eztocard
▸ Sector: Government / Social Services
▸ Type: Data Leak
▸ Format: JSON (15.35 GB, file: a.json)
▸ Records: ~22,000,000
▸ Price: Free
Compromised data:
▪️ Internal IDs (id, id_psp)
▪️ Full name, first name, title (Mr/Mrs)
▪️ Date of birth
▪️ Gender
▪️ Email address
▪️ Phone number
▪️ Matricule (registration number)
▪️ Organisation code & affiliation (CAF)
▪️ Beneficiary status & situation
▪️ Full postal address (street, number, postal code, INSEE code, commune)
▪️ Address complement
▪️ Exercise ID & validation status
▪️ Document UUID & rejection flag
▪️ Account creation & update timestamps
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The actor eztocard has shared a 15.35 GB JSON dataset claimed to originate from CAF, France's family allowance fund agency. Sample records include extensive personal, demographic, and administrative data on individual beneficiaries.
Post details:
▸ Actor: eztocard
▸ Sector: Government / Social Services
▸ Type: Data Leak
▸ Format: JSON (15.35 GB, file: a.json)
▸ Records: ~22,000,000
▸ Price: Free
Compromised data:
▪️ Internal IDs (id, id_psp)
▪️ Full name, first name, title (Mr/Mrs)
▪️ Date of birth
▪️ Gender
▪️ Email address
▪️ Phone number
▪️ Matricule (registration number)
▪️ Organisation code & affiliation (CAF)
▪️ Beneficiary status & situation
▪️ Full postal address (street, number, postal code, INSEE code, commune)
▪️ Address complement
▪️ Exercise ID & validation status
▪️ Document UUID & rejection flag
▪️ Account creation & update timestamps
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇭🇰 KGI (kgi.com.hk) allegedly breached exposing 5M+ Hong Kong stock investor records
The actor FuckSpy is offering a database claimed to originate from KGI, a Hong Kong-based stock investment and brokerage firm. The dataset includes investor contact details and granular trading activity, with the price set as negotiable.
Post details:
▸ Actor: FuckSpy
▸ Sector: Finance / Brokerage
▸ Type: Data Sale
▸ Records: 5,000,000+ unique rows
▸ Leaked Date: 2026
▸ Price: Negotiable
Compromised data:
▪️ Email address
▪️ Phone number
▪️ Stock name
▪️ Stock code
▪️ Rise / fall percentage
▪️ Maximum & minimum values
▪️ Trade volume
▪️ Trade amount
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The actor FuckSpy is offering a database claimed to originate from KGI, a Hong Kong-based stock investment and brokerage firm. The dataset includes investor contact details and granular trading activity, with the price set as negotiable.
Post details:
▸ Actor: FuckSpy
▸ Sector: Finance / Brokerage
▸ Type: Data Sale
▸ Records: 5,000,000+ unique rows
▸ Leaked Date: 2026
▸ Price: Negotiable
Compromised data:
▪️ Email address
▪️ Phone number
▪️ Stock name
▪️ Stock code
▪️ Rise / fall percentage
▪️ Maximum & minimum values
▪️ Trade volume
▪️ Trade amount
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇨🇦 Croesus (croesus.com) allegedly breached exposing 19,220 Canadian user records
The actor moxzey is selling a database claimed to originate from Croesus, a Canadian financial software provider serving the wealth management industry. The dataset is being offered for $250.
Post details:
▸ Actor: moxzey
▸ Sector: Finance / Wealth Management Software
▸ Type: Data Sale
▸ Records: 19,220
▸ Format: CSV
▸ Leaked Date: 1 May 2026
▸ Price: $250
Compromised data:
▪️ Full name
▪️ Phone number
▪️ Address
▪️ City
▪️ Zip / postal code
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The actor moxzey is selling a database claimed to originate from Croesus, a Canadian financial software provider serving the wealth management industry. The dataset is being offered for $250.
Post details:
▸ Actor: moxzey
▸ Sector: Finance / Wealth Management Software
▸ Type: Data Sale
▸ Records: 19,220
▸ Format: CSV
▸ Leaked Date: 1 May 2026
▸ Price: $250
Compromised data:
▪️ Full name
▪️ Phone number
▪️ Address
▪️ City
▪️ Zip / postal code
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations