‼️ New Dark Web Informer Blog Post!
Title: Belgian Sports/Fitness Chain Allegedly Breached Exposing 105K Customer Records With IBAN Data
Link: https://darkwebinformer.com/belgian-sports-fitness-chain-allegedly-breached-exposing-105k-customer-records-with-iban-data/
Title: Belgian Sports/Fitness Chain Allegedly Breached Exposing 105K Customer Records With IBAN Data
Link: https://darkwebinformer.com/belgian-sports-fitness-chain-allegedly-breached-exposing-105k-customer-records-with-iban-data/
Dark Web Informer
Belgian Sports/Fitness Chain Allegedly Breached Exposing 105K Customer Records With IBAN Data
A threat actor claims to be selling a customer database from a Belgian sports/fitness business (gym branding visible in the post as “ANIMO”), advertising it as containing 105,000 customers with full IBAN banking details. The seller is offering tiered pricing…
‼️ New Dark Web Informer Blog Post!
Title: Laboratorios CEFLO Allegedly Breached Exposing 21K Positive HIV, Syphilis, and COVID Test Results From the Mexican Lab
Link: https://darkwebinformer.com/laboratorios-ceflo-allegedly-breached-exposing-21k-positive-hiv-syphilis-and-covid-test-results-from-the-mexican-lab/
Title: Laboratorios CEFLO Allegedly Breached Exposing 21K Positive HIV, Syphilis, and COVID Test Results From the Mexican Lab
Link: https://darkwebinformer.com/laboratorios-ceflo-allegedly-breached-exposing-21k-positive-hiv-syphilis-and-covid-test-results-from-the-mexican-lab/
Dark Web Informer
Laboratorios CEFLO Allegedly Breached Exposing 21K Positive HIV, Syphilis, and COVID Test Results From the Mexican Lab
A threat actor describing themselves as specializing in “stealing medical data” claims to have breached Mexican clinical lab Laboratorios CEFLO, releasing the dataset for free out of stated retaliation after the lab allegedly ignored a paid pentest offer.
❤1
‼️ New Dark Web Informer Blog Post!
Title: Antel TuID Digital Allegedly Breached Exposing 8GB of Data From the Uruguayan State Telecom’s E-Government Platform
Link: https://darkwebinformer.com/antel-tuid-digital-allegedly-breached-exposing-8gb-of-data-from-the-uruguayan-state-telecoms-e-government-platform/
Title: Antel TuID Digital Allegedly Breached Exposing 8GB of Data From the Uruguayan State Telecom’s E-Government Platform
Link: https://darkwebinformer.com/antel-tuid-digital-allegedly-breached-exposing-8gb-of-data-from-the-uruguayan-state-telecoms-e-government-platform/
Dark Web Informer
Antel TuID Digital Allegedly Breached Exposing 8GB of Data From the Uruguayan State Telecom’s E-Government Platform
A threat actor claims to have compromised TuID Digital, the digital identity platform operated by Uruguayan state-owned telecom Antel, by obtaining the API key stored alongside internal files on Antel’s server backend.
‼️ New Dark Web Informer Blog Post!
Title: US Non-Emergency Medical Transport Network Allegedly Breached Exposing 500K+ Patient Records and Live Admin Access
Link: https://darkwebinformer.com/us-non-emergency-medical-transport-network-allegedly-breached-exposing-500k-patient-records-and-live-admin-access/
Title: US Non-Emergency Medical Transport Network Allegedly Breached Exposing 500K+ Patient Records and Live Admin Access
Link: https://darkwebinformer.com/us-non-emergency-medical-transport-network-allegedly-breached-exposing-500k-patient-records-and-live-admin-access/
Dark Web Informer
US Non-Emergency Medical Transport Network Allegedly Breached Exposing 500K+ Patient Records and Live Admin Access
A threat actor claims to be selling live, authenticated admin panel access to a major US Non-Emergency Medical Transportation (NEMT) platform, advertising real-time control over operations rather than a static dump.
Taking the current IOC Feeds offline and cutting over to the new feeds. Will update once done.
🔪 Slice For Life - Part 2 🔪
Taking the current IOC Feeds offline and cutting over to the new feeds. Will update once done.
Both feeds have been updated. You may need to hard refresh the page(s) to see the update. CTRL+SHIFT+R
They can both be found under Subscribers or the Intel Feeds on the navigation bar.
They can both be found under Subscribers or the Intel Feeds on the navigation bar.
‼️ New Dark Web Informer Blog Post!
Title: HOMES Real Estate Platform Allegedly Leaked Exposing 7 Million Agent and Investor Records
Link: https://darkwebinformer.com/homes-at-world-allegedly-leaked-exposing-7-million-real-estate-agent-and-investor-records/
Title: HOMES Real Estate Platform Allegedly Leaked Exposing 7 Million Agent and Investor Records
Link: https://darkwebinformer.com/homes-at-world-allegedly-leaked-exposing-7-million-real-estate-agent-and-investor-records/
Dark Web Informer
Homes.at.world Allegedly Leaked Exposing 7 Million Real Estate Agent and Investor Records
A threat actor claims to be selling a 2.47GB CSV database from real estate platform homes.at.world, totaling 7,023,773 lines split between 4,883,773 agent records and 2,140,000 investor records.
‼️🇲🇽 Sunset World Resorts allegedly breached exposing 257GB of corporate data from the Mexican hotel group
A threat actor claims to have exfiltrated 257GB of unique data from Sunset World Group, a Mexican family-owned hospitality business operating six hotels in Cancun and the Riviera Maya. The advertised package spans contracts with customers and suppliers, financial documents, Oracle databases, employee records, and legal documents.
Post details:
▸ Actor(s): wower
▸ Sector: Hospitality / Hotels & Resorts
▸ Type: Data Sale
▸ Format: 257GB (includes Oracle DB exports and documents)
▸ Price: Negotiable
▸ Country: Mexico
Compromised data:
▪️ Customer and supplier contracts
▪️ Financial documents
▪️ Oracle database exports
▪️ Employee records
▪️ Legal documents
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have exfiltrated 257GB of unique data from Sunset World Group, a Mexican family-owned hospitality business operating six hotels in Cancun and the Riviera Maya. The advertised package spans contracts with customers and suppliers, financial documents, Oracle databases, employee records, and legal documents.
Post details:
▸ Actor(s): wower
▸ Sector: Hospitality / Hotels & Resorts
▸ Type: Data Sale
▸ Format: 257GB (includes Oracle DB exports and documents)
▸ Price: Negotiable
▸ Country: Mexico
Compromised data:
▪️ Customer and supplier contracts
▪️ Financial documents
▪️ Oracle database exports
▪️ Employee records
▪️ Legal documents
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Ayuntamiento de Valdemoro
Domain:
Country: 🇪🇸 ES
Date: May 6th, 2026
Summary:
A network incident, potentially caused by a cyberattack, has affected the servers of the Ayuntamiento de Valdemoro, currently preventing residents from carrying out municipal procedures and online consultations. The municipality has notified the Centro Criptológico Nacional and is working to resolve the issue after taking its servers offline as a precautionary measure. Authorities are advising citizens to remain vigilant against fraud attempts and to change their passwords in anticipation of a possible breach of personal data.
Source: https://alcabodelacalle.es/en-portada/un-posible-ciberataque-afecta-a-los-servidores-del-ayuntamiento-de-valdemoro-e-impide-realizar-tramites/
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Ayuntamiento de Valdemoro
Domain:
valdemoro.esCountry: 🇪🇸 ES
Date: May 6th, 2026
Summary:
A network incident, potentially caused by a cyberattack, has affected the servers of the Ayuntamiento de Valdemoro, currently preventing residents from carrying out municipal procedures and online consultations. The municipality has notified the Centro Criptológico Nacional and is working to resolve the issue after taking its servers offline as a precautionary measure. Authorities are advising citizens to remain vigilant against fraud attempts and to change their passwords in anticipation of a possible breach of personal data.
Source: https://alcabodelacalle.es/en-portada/un-posible-ciberataque-afecta-a-los-servidores-del-ayuntamiento-de-valdemoro-e-impide-realizar-tramites/
Periodico Al Cabo de la Calle
Un posible ciberataque afecta a los servidores del Ayuntamiento de Valdemoro e impide realizar trámites
Una incidencia en la red, detectada detectada en la tarde de este martes y que puede deberse a un ciberataque, ha afectado a los servidores del Ayuntamiento de Valdemoro y, de momento, impide realizar trámites y consultas con los servicios municipales: atención…
Chat, I'm doing the channel wipe again in this channel in a couple of hours. So if you need any posts, scrape them with the telegram scraper script. https://github.com/DarkWebInformer/telegram-scraper
GitHub
GitHub - DarkWebInformer/telegram-scraper: A powerful Python script that allows you to scrape messages and media from Telegram…
A powerful Python script that allows you to scrape messages and media from Telegram channels using the Telethon library. Features include real-time continuous scraping, media downloading, and data ...
❤3
‼️ New Dark Web Informer Blog Post!
Title: Ivanti Warns of New EPMM Zero-Day Exploited Using Credentials Stolen in January Attacks
Link: https://darkwebinformer.com/ivanti-warns-of-new-epmm-zero-day-exploited-using-credentials-stolen-in-january-attacks/
Title: Ivanti Warns of New EPMM Zero-Day Exploited Using Credentials Stolen in January Attacks
Link: https://darkwebinformer.com/ivanti-warns-of-new-epmm-zero-day-exploited-using-credentials-stolen-in-january-attacks/
Dark Web Informer
Ivanti Warns of New EPMM Zero-Day Exploited Using Credentials Stolen in January Attacks
Ivanti has issued an urgent security advisory for its Endpoint Manager Mobile (EPMM) product, disclosing five vulnerabilities including one that is actively exploited in the wild.
Forwarded from FBI Watchdog Alerts by Dark Web Informer
⚠️ FBI Watchdog - DNS Change (A) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence
Domain: pwnforums.st
Record Type: DNS Change (A)
Time Detected: 2026-05-07 18:11:12 UTC
Previous Records:
New Records:
🔗 DarkWebInformer.com - Cyber Threat Intelligence
Domain: pwnforums.st
Record Type: DNS Change (A)
Time Detected: 2026-05-07 18:11:12 UTC
Previous Records:
31.58.220.14
New Records:
209.99.188.105
😈1
FBI Watchdog Alerts by Dark Web Informer
⚠️ FBI Watchdog - DNS Change (A) ⚠️ 🔗 DarkWebInformer.com - Cyber Threat Intelligence Domain: pwnforums.st Record Type: DNS Change (A) Time Detected: 2026-05-07 18:11:12 UTC Previous Records: 31.58.220.14 New Records: 209.99.188.105
PF
209[.]99[.]188[.]105
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
209[.]99[.]188[.]105
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
😈2😁1
‼️🇨🇱 Multiple Chilean .cl websites allegedly being sold as access by Pharaoh's Team market
A threat group operating as "Pharaoh's Team market" is advertising access to 14 separate Chilean (.cl) websites on a Telegram channel, explicitly stating each is a different server rather than a shared host. The listing includes Domain Authority and Page Authority metrics for each target, suggesting the access is being marketed for SEO abuse, redirects, or further compromise.
Post details:
▸ Actor(s): Pharaoh's Team market
▸ Sector: Mixed (highway tolls, pharmacy/health, tourism, religious, education, news, real estate)
▸ Type: Access Sale
▸ Price: Negotiable (DM)
▸ Country: Chile
▸ Date: 07/05/2026
Affected entities:
▪️ alercweb.cl (DA 20 / PA 26)
▪️ autopistasdeantofagasta.cl (DA 26 / PA 36)
▪️ barbulnes.cl (DA 21 / PA 16)
▪️ boticadelalma.cl (DA 28 / PA 43)
▪️ carnalprime.cl (DA 26 / PA 42)
▪️ clubeve.cl (DA 28 / PA 23)
▪️ colegiovirgendepompeya.cl (DA 20 / PA 43)
▪️ concursowistuba.cl (DA 28 / PA 26)
▪️ decotextil.cl (DA 21 / PA 33)
▪️ embalselaspalmas.cl (DA 21 / PA 24)
▪️ galeriaweb.cl (DA 29 / PA 19)
▪️ isf-chile.org (DA 32 / PA 33)
▪️ newtrans.cl (DA 24 / PA 15)
▪️ porunchilequelee.cl (DA 30 / PA 33)
A threat group operating as "Pharaoh's Team market" is advertising access to 14 separate Chilean (.cl) websites on a Telegram channel, explicitly stating each is a different server rather than a shared host. The listing includes Domain Authority and Page Authority metrics for each target, suggesting the access is being marketed for SEO abuse, redirects, or further compromise.
Post details:
▸ Actor(s): Pharaoh's Team market
▸ Sector: Mixed (highway tolls, pharmacy/health, tourism, religious, education, news, real estate)
▸ Type: Access Sale
▸ Price: Negotiable (DM)
▸ Country: Chile
▸ Date: 07/05/2026
Affected entities:
▪️ alercweb.cl (DA 20 / PA 26)
▪️ autopistasdeantofagasta.cl (DA 26 / PA 36)
▪️ barbulnes.cl (DA 21 / PA 16)
▪️ boticadelalma.cl (DA 28 / PA 43)
▪️ carnalprime.cl (DA 26 / PA 42)
▪️ clubeve.cl (DA 28 / PA 23)
▪️ colegiovirgendepompeya.cl (DA 20 / PA 43)
▪️ concursowistuba.cl (DA 28 / PA 26)
▪️ decotextil.cl (DA 21 / PA 33)
▪️ embalselaspalmas.cl (DA 21 / PA 24)
▪️ galeriaweb.cl (DA 29 / PA 19)
▪️ isf-chile.org (DA 32 / PA 33)
▪️ newtrans.cl (DA 24 / PA 15)
▪️ porunchilequelee.cl (DA 30 / PA 33)
🔪 Slice For Life - Part 2 🔪
‼️ New Dark Web Informer Blog Post! Title: When the Watchman Gets Watched: Trellix Discloses Source Code Breach Link: https://darkwebinformer.com/when-the-watchman-gets-watched-trellix-discloses-source-code-breach/
‼️RansomHouse has claimed Trellix
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇫🇷 Deezer allegedly leaked exposing 2.5 million Russian user records from the French music streaming platform
A threat actor claims to have leaked a Russian-region subset of Deezer, the French music streaming platform, releasing 2,557,577 records. The CSV sample (filename "deezer_russian.csv") shows user IDs, full names, gender, dates of birth, emails, and country/language codes.
Post details:
▸ Actor(s): NormalLeVrai
▸ Sector: Music streaming / Entertainment
▸ Type: Data Leak
▸ Format: CSV
▸ Price: Free
▸ Records: 2,557,577
▸ Country: France (Russian user subset)
▸ Date: 07/05/2026
Compromised data:
▪️ User ID
▪️ First name and last name
▪️ Gender
▪️ Date of birth
▪️ Email address
▪️ Country code
▪️ Language code
Don't like the redacted screenshots? Subscribe... darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a Russian-region subset of Deezer, the French music streaming platform, releasing 2,557,577 records. The CSV sample (filename "deezer_russian.csv") shows user IDs, full names, gender, dates of birth, emails, and country/language codes.
Post details:
▸ Actor(s): NormalLeVrai
▸ Sector: Music streaming / Entertainment
▸ Type: Data Leak
▸ Format: CSV
▸ Price: Free
▸ Records: 2,557,577
▸ Country: France (Russian user subset)
▸ Date: 07/05/2026
Compromised data:
▪️ User ID
▪️ First name and last name
▪️ Gender
▪️ Date of birth
▪️ Email address
▪️ Country code
▪️ Language code
Don't like the redacted screenshots? Subscribe... darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️ Users of Instructure are currently logging into Canvas with a ShinyHunters message
Ruthless.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Ruthless.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔥1