‼️🇲🇽 Instituto Consorcio Clavijero allegedly breached exposing 39,000 student records from the Veracruz education platform
Threat actors claim to have breached Instituto Consorcio Clavijero (ICC), a Veracruz-based educational institution in Mexico, describing the platform as "very easy to violate" and taunting the institute to fix its security and stop exposing students. The post is presented as a collaboration between two actors and includes a sample student record with full name, CURP national ID, address, and phone number.
Post details:
▸ Actor(s): Z3r00, MagoSpeak (SpeakTeam)
▸ Sector: Education
▸ Type: Data Leak
▸ Price: Free
▸ Records: ~39,000
▸ Country: Mexico (Veracruz)
▸ Date: 05/05/2026
Compromised data:
▪️ Matrícula (student ID)
▪️ Nombre (full name)
▪️ CURP (national identity code)
▪️ Lugar de entrega (delivery/program location)
▪️ Dirección (full address with postcode and city)
▪️ Teléfono (phone number with extensions)
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇨🇴 VIP Buenaventura allegedly leaked exposing 70,000 user records from the Colombian taxi app
A threat actor claims to be selling a database from VIP Buenaventura, a Colombian ride-hailing/taxi application, listing 70,000 rows with names, phones, emails, and bcrypt-hashed passwords. The post is priced at $700 for one-hand sale, includes a CSV-style sample with rider records, geolocation, and payment metadata, and offers escrow.
Post details:
▸ Actor(s): faoced
▸ Sector: Transportation / Mobile Apps
▸ Type: Data Sale
▸ Format: CSV-style records
▸ Price: $700 (one hand)
▸ Records: 70,000
▸ Country: Colombia
▸ Date: 06/05/2026
Compromised data:
▪️ ID, first name, last name
▪️ Email, mobile, password (bcrypt hash), remember token
▪️ Gender, picture, language, city
▪️ Payment mode, wallet balance, Braintree ID
▪️ Device ID, device token, device type, login by, social unique ID
▪️ Latitude, longitude, lat1/lon1, lat2/lon2, lat3/lon3, dir1/dir2/dir3
▪️ Rating, version, referral, WhatsApp number, mobile (original)
▪️ API, ride/service flags, terms acceptance, timestamps (created_at, updated_at)
‼️🇧🇷 CEMIG allegedly breached exposing a 190GB Watson instance dump from the Brazilian energy utility
A threat actor claims to be selling a full Watson customer-service platform dump from CEMIG, a major Brazilian electricity company, allegedly obtained by compromising an admin credential. The 72GB compressed (190GB uncompressed) dataset reportedly contains over 6 million unique conversations covering debt status, utility bill amounts, and parental data, plus Prometheus stats, employee exports, and now-inactive API keys, with the seller accepting on-site escrow.
Post details:
▸ Actor(s): tarot
▸ Sector: Energy / Utilities
▸ Type: Data Sale
▸ Format: Watson instance dump, 72GB compressed / 190GB uncompressed
▸ Price: Negotiable (escrow accepted)
▸ Records: 6.05M conversations, 1.6M phones, 1.38M CPFs, 865k emails, 1.1M names
▸ Country: Brazil
▸ Date: 05/05/2026
Compromised data:
▪️ Unique customer conversations (6,056,078)
▪️ CPF national IDs (1,381,293)
▪️ Phone numbers (1,606,234)
▪️ Email addresses (865,375)
▪️ Full names (1,104,389)
▪️ Debt status and utility bill payment amounts
▪️ Parental/family member names
▪️ Prometheus monitoring stats
▪️ Employee exports
▪️ API keys (reported inactive)
‼️ New Dark Web Informer Blog Post!
Title: Critical Apache HTTP/2 Double-Free Flaw Enables Denial-of-Service and Potential Remote Code Execution
Link: https://darkwebinformer.com/critical-apache-http-2-double-free-flaw-enables-denial-of-service-and-potential-remote-code-execution/
The Apache Software Foundation has released security updates to address several vulnerabilities in Apache HTTP Server, including a critical double-free memory corruption flaw that can lead to denial-of-service and potentially remote code execution.
‼️ New Dark Web Informer Blog Post!
Title: 52.3 Bitcoin and a Suburban Search Warrant: Inside One of Australia's Biggest Crypto Seizures
Link: https://darkwebinformer.com/52-3-bitcoin-and-a-suburban-search-warrant-inside-one-of-australias-biggest-crypto-seizures/
When most people picture a darknet drug bust, they imagine cinematic scenes of hooded figures and underground servers. The reality, as a New South Wales Police operation revealed this week, looks a lot more mundane: a quiet street in Sydney's southwest, a…
🔪 Slice For Life - Part 2 🔪
The two IOC feeds will be relaunched Friday with a new UI, UX, and features. Much better than the current version. Stay tuned.
I am moving up the release of the IOC Live Feed and History Feed to tomorrow instead of Friday. There will be 30-60 minutes of downtime. I will let everyone know before the cutover.
‼️🇲🇽 Over 24 million Mexican civilian records allegedly leaked across two combined files
A threat actor claims to have posted two files together containing more than 24 million Mexican civil records, released for free. The samples include personal identifiers, demographic details, employment, and relationship status, with one database alone listed at 24,730,562 entries.
Post details:
▸ Actor(s): NormalLeVrai
▸ Sector: Government / Civil Records
▸ Type: Data Leak
▸ Format: TXT and XLSX (two files)
▸ Price: Free
▸ Records: 24M+ (one DB listed at 24,730,562)
▸ Country: Mexico
Compromised data:
▪️ Numeric ID and secondary ID
▪️ First name and last name(s)
▪️ Gender
▪️ Marital/relationship status
▪️ Employer or workplace
▪️ Birth year / age indicator
▪️ City, state, and country of residence
▪️ Free-text personal notes/descriptions
▪️ Occupation or housewife status
XForums is currently offline.
The Register is reporting that Arctic Wolf has laid off 250 employees to save money for AI
https://www.theregister.com/ai-and-ml/2026/05/06/arctic-wolf-cuts-250-jobs-in-ai-push/5231213
Arctic Wolf kicks 250 employees out of the pack to save money for AI
Cuts appear to hit sales, product, and marketing, accounting for under 10% of staff
‼️ New Dark Web Informer Blog Post!
Title: CloudZ RAT: A Stealthy New Trojan Hijacks Microsoft Phone Link to Steal Your SMS OTPs
Link: https://darkwebinformer.com/cloudz-rat-a-stealthy-new-trojan-hijacks-microsoft-phone-link-to-steal-your-sms-otps/
A newly disclosed remote access trojan (RAT) is quietly turning a built-in Windows feature into a credential-harvesting weapon, and what makes it particularly worrying is that it never has to touch your phone to steal codes meant for it.
🔪 Slice For Life - Part 2 🔪
‼️ New Dark Web Informer Blog Post!
Title: Palo Alto Networks Warns of Actively Exploited PAN-OS Zero-Day Granting Root Access
Link: https://darkwebinformer.com/palo-alto-networks-warns-of-actively-exploited-pan-os-zero-day-granting-root-access/
‼️ Nuclei template for fingerprinting the PAN-OS CVE-2026-0300 zero-day:
https://github.com/projectdiscovery/nuclei-templates/blob/25b1082881e20b9eb1a5cf69dca381e736f351da/http/exposed-panels/panos-management-panel.yaml
Credit: @rxerium (X)
1/2‼️🇦🇷 Argentine government and Crónica.com allegedly breached exposing 80M credentials and sensitive admin data
A threat actor, claiming filtering by EsqueleSquad TEAM and crediting EsqueleStealer plus OSINT/exploits APIs, alleges that multiple .gob.ar and .edu.ar sites were compromised between 2024 and 2026, releasing a sample of over 80,000,000 lines covering scraped APIs, RENAPER identity records, and ANSES benefits data. The post also bundles purported Crónica.com administration panel access, employee data, FTP, and revenue metrics, with the actor threatening to release 50GB more if the thread receives support.
Post details:
▸ Actor(s): Skull1172 (filtered by EsqueleSquad TEAM)
▸ Sector: Government, Education, Media
▸ Type: Data Leak (sample) with threat to release more
▸ Format: Sample now, +50GB threatened
▸ Price: Free (registration/login gated sample)
▸ Records: 80M credentials, 154,654 conversations, 32M+ image/code64 entries, 11.8M ANSES records
▸ Country: Argentina
▸ Date: 06/05/2026
Affected entities:
▪️ auth[.afip.gob.ar (11.8M)
▪️ servicioscorp[.anses.gob.ar
▪️ id.argentina[.gob.ar
▪️ becasprogresar.educacion[.gob.ar (650k)
▪️ login.buenosaires[.gob.ar, autenticar[.gob.ar, sube[.gob.ar
▪️ portalempleo[.gob.ar, progresar[.educacion.gob.ar
▪️ login[.abc.gob.ar, miba[.buenosaires.gob.ar
▪️ clusterapw[.agip.gob.ar, lbapw[.agip.gob.ar
▪️ gde[.gob.ar, cas[.gde.gob.ar
▪️ RENAPER and ANSES API endpoints
▪️ estudiantes[.castelmonte.edu.ar (webmail)
▪️ SIGENO Zonda notarial system credential reset
▪️ Crónica[.com admin panel, employee data, FTP
Compromised data:
▪️ Phones, usernames, passwords
▪️ CUIL/DNI national identifiers
▪️ License plate numbers
▪️ Emails and webmail conversations
▪️ RENAPER record IDs, issuance/expiry dates, ID photos (code64)
▪️ Full names, dates of birth, citizen IDs
▪️ Street, number, postal code, city, municipality, province
▪️ ANSES benefits status data
▪️ Crónica employee records and admin credentials
▪️ Internal revenue metrics and advertiser/transaction data