I am moving up the release of the IOC Live Feed and History Feed to tomorrow instead of Friday. There will be 30-60 minutes of downtime. I will let everyone know before the cutover.
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇲🇽 Over 24 million Mexican civilian records allegedly leaked across two combined files

A threat actor claims to have posted two files together containing more than 24 million Mexican civil records, released for free. The samples include personal identifiers, demographic details, employment, and relationship status, with one database alone listed at 24,730,562 entries.

Post details:

▸ Actor(s): NormalLeVrai
▸ Sector: Government / Civil Records
▸ Type: Data Leak
▸ Format: TXT and XLSX (two files)
▸ Price: Free
▸ Records: 24M+ (one DB listed at 24,730,562)
▸ Country: Mexico

Compromised data:

▪️ Numeric ID and secondary ID
▪️ First name and last name(s)
▪️ Gender
▪️ Marital/relationship status
▪️ Employer or workplace
▪️ Birth year / age indicator
▪️ City, state, and country of residence
▪️ Free-text personal notes/descriptions
▪️ Occupation or housewife status
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

1/2‼️🇦🇷 Argentine government and Crónica.com allegedly breached exposing 80M credentials and sensitive admin data

A threat actor, claiming filtering by EsqueleSquad TEAM and crediting EsqueleStealer plus OSINT/exploits APIs, alleges that multiple .gob.ar and .edu.ar sites were compromised between 2024 and 2026, releasing a sample of over 80,000,000 lines covering scraped APIs, RENAPER identity records, and ANSES benefits data. The post also bundles purported Crónica.com administration panel access, employee data, FTP, and revenue metrics, with the actor threatening to release 50GB more if the thread receives support.

Post details:

▸ Actor(s): Skull1172 (filtered by EsqueleSquad TEAM)
▸ Sector: Government, Education, Media
▸ Type: Data Leak (sample) with threat to release more
▸ Format: Sample now, +50GB threatened
▸ Price: Free (registration/login gated sample)
▸ Records: 80M credentials, 154,654 conversations, 32M+ image/code64 entries, 11.8M ANSES records
▸ Country: Argentina
▸ Date: 06/05/2026

Affected entities:

▪️ auth[.afip.gob.ar (11.8M)
▪️ servicioscorp[.anses.gob.ar
▪️ id.argentina[.gob.ar
▪️ becasprogresar.educacion[.gob.ar (650k)
▪️ login.buenosaires[.gob.ar, autenticar[.gob.ar, sube[.gob.ar
▪️ portalempleo[.gob.ar, progresar[.educacion.gob.ar
▪️ login[.abc.gob.ar, miba[.buenosaires.gob.ar
▪️ clusterapw[.agip.gob.ar, lbapw[.agip.gob.ar
▪️ gde[.gob.ar, cas[.gde.gob.ar
▪️ RENAPER and ANSES API endpoints
▪️ estudiantes[.castelmonte.edu.ar (webmail)
▪️ SIGENO Zonda notarial system credential reset
▪️ Crónica[.com admin panel, employee data, FTP

Compromised data:

▪️ Phones, usernames, passwords
▪️ CUIL/DNI national identifiers
▪️ License plate numbers
▪️ Emails and webmail conversations
▪️ RENAPER record IDs, issuance/expiry dates, ID photos (code64)
▪️ Full names, dates of birth, citizen IDs
▪️ Street, number, postal code, city, municipality, province
▪️ ANSES benefits status data
▪️ Crónica employee records and admin credentials
▪️ Internal revenue metrics and advertiser/transaction data
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇪🇨 CACPE Pastaza allegedly breached exposing 18 million Ecuadorian civil registry records via an unprotected API

A threat actor claims that the identity validation API of CACPE Pastaza, an Ecuadorian cooperative, was pwned through an unprotected proxy endpoint that queries the national civil registry, exposing over 18 million records updated as of today. The post is being released for free and includes a working cURL exploitation example showing how anyone can pull complete personal records by submitting a national ID number.

Post details:

▸ Actor(s): GondorPe
▸ Sector: Finance / Government (civil registry via cooperative API)
▸ Type: Data Leak / API Exposure
▸ Price: Free
▸ Records: 18,000,000+
▸ Country: Ecuador
▸ Date: 06/05/2026

Compromised data:

▪️ Full names (apellidos, nombres)
▪️ National ID number (NUI / cédula)
▪️ Date of birth
▪️ Place of birth
▪️ Home address (domicilio, calle, número)
▪️ Marital status
▪️ Gender
▪️ Nationality
▪️ Father's and mother's names
▪️ Profession
▪️ Date of ID issuance
▪️ Citizenship status
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🏴‍☠️ Nimrod Stealer source code allegedly shared on a hacking forum for credential and browser data theft

A user is distributing the source code of "Nimrod Stealer," an information-stealing tool described in the post as designed to harvest saved browser credentials, cookies, autofill data, and system fingerprints, with stolen data exfiltrated to remote servers. The package is shared as a Python-based builder with installer batch files and a README, alongside a contact pointer for a "premium" version.

Post details:

▸ Actor(s): sunshineking
▸ Sector: Malware / Offensive tooling
▸ Type: Source Code Release (infostealer)
▸ Format: Python project (builder.py, install.py, junk.py, install_python.bat, builder.bat, requirements.txt)
▸ Price: Free (premium variant referenced separately)

Capabilities described in the post:

▪️ Steals saved passwords from browsers
▪️ Extracts banking and payment details
▪️ Targets email and social media account access
▪️ Gathers system and network information
▪️ Scans browsers for saved credentials and cookies
▪️ Extracts autofill data
▪️ Collects system fingerprints
▪️ Exfiltrates collected data to remote servers
▪️ Delivered via phishing emails, fake downloads, or cracked software bundles

Defender notes:

▪️ Monitor for suspicious Python interpreter installs and execution of unsigned .bat loaders on user endpoints
▪️ Hunt for unexpected browser credential store and cookie file access (Login Data, Cookies SQLite DBs in Chromium/Gecko profiles)
▪️ Restrict execution of scripts from user-writable paths via AppLocker/WDAC
▪️ Enforce browser password manager hardening or move users to enterprise SSO + MFA to reduce stealer payoff
▪️ Alert on outbound traffic to anomalous hosts shortly after first-run of new Python processes
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations