‼️🇮🇳 Indian real estate firm allegedly being sold as Azure AD server admin access
A threat actor is offering Server Admin level Azure AD access to an unnamed Indian real estate company, with the target profile listing $10M-$25M in revenue and roughly 100 hosts on the network. The post notes Malwarebytes EDR is in place. 😁
Post details:
▸ Actor(s): tiger
▸ Sector: Real Estate
▸ Type: Access Sale
▸ Access: Azure AD, Server Admin privilege
▸ AV / EDR: Malwarebytes EDR
▸ Network size: ~100 hosts
▸ Revenue: $10M - $25M
▸ Country: India
▸ Date: 07/05/2026
Don't like the redacted screenshots? Subscribe... darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is offering Server Admin level Azure AD access to an unnamed Indian real estate company, with the target profile listing $10M-$25M in revenue and roughly 100 hosts on the network. The post notes Malwarebytes EDR is in place. 😁
Post details:
▸ Actor(s): tiger
▸ Sector: Real Estate
▸ Type: Access Sale
▸ Access: Azure AD, Server Admin privilege
▸ AV / EDR: Malwarebytes EDR
▸ Network size: ~100 hosts
▸ Revenue: $10M - $25M
▸ Country: India
▸ Date: 07/05/2026
Don't like the redacted screenshots? Subscribe... darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
If you were curious to know how the info stealer situation is at Instructure, here is the dashboard courtesy of @whiteintel_io.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔪 Slice For Life - Part 2 🔪
If you were curious to know how the info stealer situation is at Instructure, here is the dashboard courtesy of @whiteintel_io. ________________________________________ Main Channel: https://t.me/SliceForLifeee Backup Channel: https://t.me/SliceForLifeeee…
Adding consumer events just to stay fair.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔪 Slice For Life - Part 2 🔪
They are still down, with no updates. ________________________________________ Main Channel: https://t.me/SliceForLifeee Backup Channel: https://t.me/SliceForLifeeee Website: darkwebinformer.com Pricing (Includes Crypto): darkwebinformer.com/pricing API Access:…
Instructure provided an update on their status page.
Update - Instructure has placed Canvas, Canvas Beta and Canvas Test in maintenance mode. We anticipate being up soon, and will provide updates as soon as possible
May 07, 2026 - 17:37 MDT
https://status.instructure.com/
Update - Instructure has placed Canvas, Canvas Beta and Canvas Test in maintenance mode. We anticipate being up soon, and will provide updates as soon as possible
May 07, 2026 - 17:37 MDT
https://status.instructure.com/
‼️ ShinyHunters wants you to know that no further comments will be made regarding the recent hack.
Instructure still is no longer listed on their Pay or Leak portal.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Instructure still is no longer listed on their Pay or Leak portal.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ New Dark Web Informer Blog Post!
Title: Community Choice Credit Union Allegedly Breached Exposing 1M+ Premium Credit Client Records
Link: https://darkwebinformer.com/community-choice-credit-union-allegedly-breached-exposing-1m-premium-credit-client-records/
Title: Community Choice Credit Union Allegedly Breached Exposing 1M+ Premium Credit Client Records
Link: https://darkwebinformer.com/community-choice-credit-union-allegedly-breached-exposing-1m-premium-credit-client-records/
Dark Web Informer
Community Choice Credit Union Allegedly Breached Exposing 1M+ Premium Credit Client Records
A threat actor is advertising what they describe as a US banking / premium credit client dataset tied to communitychoicecu.com, releasing a 1M+ record sample with full card numbers, names, issuing banks, and addresses.
‼️ New Dark Web Informer Blog Post!
Title: LDLC Allegedly Leaked Exposing 1.5 Million Customer Records From the French Tech Retailer
Link: https://darkwebinformer.com/ldlc-allegedly-leaked-exposing-1-5-million-customer-records-from-the-french-tech-retailer/
Title: LDLC Allegedly Leaked Exposing 1.5 Million Customer Records From the French Tech Retailer
Link: https://darkwebinformer.com/ldlc-allegedly-leaked-exposing-1-5-million-customer-records-from-the-french-tech-retailer/
Dark Web Informer
LDLC Allegedly Leaked Exposing 1.5 Million Customer Records From the French Tech Retailer
A threat actor claims to have leaked a database from LDLC, a major French retailer of computers, components, smartphones, and gaming/audio/TV equipment, releasing 1,504,635 records for free under the hashtag #freebreach3d.
‼️ New Dark Web Informer Blog Post!
Title: Credilink Allegedly Breached Exposing 243 Million Records From the Brazilian Credit Data Provider
Link: https://darkwebinformer.com/credilink-allegedly-breached-exposing-243-million-records-from-the-brazilian-credit-data-provider/
Title: Credilink Allegedly Breached Exposing 243 Million Records From the Brazilian Credit Data Provider
Link: https://darkwebinformer.com/credilink-allegedly-breached-exposing-243-million-records-from-the-brazilian-credit-data-provider/
Dark Web Informer
Credilink Allegedly Breached Exposing 243 Million Records From the Brazilian Credit Data Provider
A threat actor is selling a 243 million record dataset attributed to credilink.com.br, described in the post as a Brazilian credit information and risk analysis provider serving financial institutions and retailers.
‼️🏴☠️ R4T Ghost v1.7.5 Remote Access Trojan allegedly being sold on a hacking forum
An actor is selling ownership of "R4T Ghost v1.7.5," a Windows Remote Access Trojan, for $1,530, advertising it as their "latest 2026" build with a free update guarantee. Screenshots from the post show a builder/controller GUI with modules for client management, file transfer, registry editing, screenshot capture, webcam and microphone access, keylogging, and a remote shell.
Post details:
▸ Actor(s): MDGhost
▸ Sector: Malware / Offensive tooling
▸ Type: Tool Sale (Remote Access Trojan)
▸ Format: Builder + controller (port 5555 default listener)
▸ Price: $1,530 (with claimed free update guarantee)
Capabilities described in the post:
▪️ Steal files and saved passwords
▪️ Spy on user activity
▪️ Take screenshots
▪️ Access webcam and microphone
▪️ Remote control of victim devices
▪️ Exfiltrate internal documents and customer databases
▪️ Harvest emails, login credentials, project files, and financial data
▪️ Client dashboard with IP, country, PC name, user, OS, AV, ping, idle time
▪️ Tabs for system info, network, process manager, files, registry, services, tasks, screenshot, webcam, keylogger, remote shell
Defender notes:
▪️ Hunt for unsigned binaries opening listeners on port 5555 or other non-standard high ports
▪️ Alert on unexpected webcam/microphone access by non-conferencing processes
▪️ Monitor for new persistence entries (Run keys, scheduled tasks, services) created by recently executed user-mode binaries
▪️ EDR rules for combined keystroke logging plus screen capture plus outbound C2 beaconing patterns
▪️ Block execution of binaries from user-writable paths via AppLocker/WDAC and enforce MFA on credential stores
Note: The blurs on the RAT screenshot are not mine.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
An actor is selling ownership of "R4T Ghost v1.7.5," a Windows Remote Access Trojan, for $1,530, advertising it as their "latest 2026" build with a free update guarantee. Screenshots from the post show a builder/controller GUI with modules for client management, file transfer, registry editing, screenshot capture, webcam and microphone access, keylogging, and a remote shell.
Post details:
▸ Actor(s): MDGhost
▸ Sector: Malware / Offensive tooling
▸ Type: Tool Sale (Remote Access Trojan)
▸ Format: Builder + controller (port 5555 default listener)
▸ Price: $1,530 (with claimed free update guarantee)
Capabilities described in the post:
▪️ Steal files and saved passwords
▪️ Spy on user activity
▪️ Take screenshots
▪️ Access webcam and microphone
▪️ Remote control of victim devices
▪️ Exfiltrate internal documents and customer databases
▪️ Harvest emails, login credentials, project files, and financial data
▪️ Client dashboard with IP, country, PC name, user, OS, AV, ping, idle time
▪️ Tabs for system info, network, process manager, files, registry, services, tasks, screenshot, webcam, keylogger, remote shell
Defender notes:
▪️ Hunt for unsigned binaries opening listeners on port 5555 or other non-standard high ports
▪️ Alert on unexpected webcam/microphone access by non-conferencing processes
▪️ Monitor for new persistence entries (Run keys, scheduled tasks, services) created by recently executed user-mode binaries
▪️ EDR rules for combined keystroke logging plus screen capture plus outbound C2 beaconing patterns
▪️ Block execution of binaries from user-writable paths via AppLocker/WDAC and enforce MFA on credential stores
Note: The blurs on the RAT screenshot are not mine.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ New Dark Web Informer Blog Post!
Title: Meetic Allegedly Leaked Exposing 7 Million User Records From the French Online Dating Platform
Link: https://darkwebinformer.com/meetic-allegedly-leaked-exposing-7-million-user-records-from-the-french-online-dating-platform/
Title: Meetic Allegedly Leaked Exposing 7 Million User Records From the French Online Dating Platform
Link: https://darkwebinformer.com/meetic-allegedly-leaked-exposing-7-million-user-records-from-the-french-online-dating-platform/
Dark Web Informer
Meetic Allegedly Leaked Exposing 7 Million User Records From the French Online Dating Platform
A threat actor claims to have leaked a database from Meetic, a major French online dating platform, releasing 7,169,561 records for free under the hashtag #freebreach3d.
‼️ Instructure has updated their security incident page with further information.
https://www.instructure.com/incident_update
They state ShinyHunters exploited an issue related to their Free-For-Teacher accounts and have shut it down temporarily.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
https://www.instructure.com/incident_update
They state ShinyHunters exploited an issue related to their Free-For-Teacher accounts and have shut it down temporarily.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇻🇪 Cashea allegedly re-leaked exposing 79 million transaction records from the Venezuelan BNPL app
A threat actor is reposting and updating a leak of Cashea, a Venezuelan "buy now, pay later" app, claiming a 46.5GB JSON dataset dated 21/02/2026 with sample files including transaction history through that date. The post warns about scammers recycling earlier samples and includes a record showing customer identity, phone, and an installment payment schedule.
Post details:
▸ Actor(s): malconguerra2
▸ Sector: Fintech / BNPL (buy now, pay later)
▸ Type: Data Re-leak (update)
▸ Format: JSON, 46.5GB compressed
▸ Records: 79,006,942 transactions, 29,769 stores, 15,227 merchants
▸ Country: Venezuela
▸ Date: 07/05/2026 (data dated 21/02/2026)
Compromised data:
▪️ Transaction ID, created/billing dates
▪️ Amount and invoice ID
▪️ Paid-to-merchant flag
▪️ Identifier number
▪️ Delivery type, channel, delivery status
▪️ User identification number
▪️ Down payment paid date and status (OPEN/CLOSED)
▪️ Payment details
▪️ Full user profile: identification number, full name, phone number
▪️ Installment schedules (ID, number, scheduled payment date, amount, status)
▪️ Store ID and store name
▪️ Merchant ID and merchant name
▪️ Order products and shipment data
▪️ Status name
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is reposting and updating a leak of Cashea, a Venezuelan "buy now, pay later" app, claiming a 46.5GB JSON dataset dated 21/02/2026 with sample files including transaction history through that date. The post warns about scammers recycling earlier samples and includes a record showing customer identity, phone, and an installment payment schedule.
Post details:
▸ Actor(s): malconguerra2
▸ Sector: Fintech / BNPL (buy now, pay later)
▸ Type: Data Re-leak (update)
▸ Format: JSON, 46.5GB compressed
▸ Records: 79,006,942 transactions, 29,769 stores, 15,227 merchants
▸ Country: Venezuela
▸ Date: 07/05/2026 (data dated 21/02/2026)
Compromised data:
▪️ Transaction ID, created/billing dates
▪️ Amount and invoice ID
▪️ Paid-to-merchant flag
▪️ Identifier number
▪️ Delivery type, channel, delivery status
▪️ User identification number
▪️ Down payment paid date and status (OPEN/CLOSED)
▪️ Payment details
▪️ Full user profile: identification number, full name, phone number
▪️ Installment schedules (ID, number, scheduled payment date, amount, status)
▪️ Store ID and store name
▪️ Merchant ID and merchant name
▪️ Order products and shipment data
▪️ Status name
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇦🇺 1,169 Australian websites allegedly being sold as full panel access by a single threat actor
The threat actor claims to be selling full access to 1,169 Australian websites in their possession, delivered as a url:user:pass list that the seller says grants entry to the panels, databases, source code, and emails of each site. The listing is priced at $400.
Post details:
▸ Actor(s): NormalLeVrai (Immortal)
▸ Sector: Mixed (1,169 Australian websites)
▸ Type: Access Sale
▸ Format: url:user:pass list
▸ Price: $400 (one buyer only)
▸ Targets: 1,169 sites
▸ Country: Australia
▸ Date: 07/05/2026
Compromised data and capabilities:
▪️ Admin panel credentials for 1,169 Australian websites
▪️ Database access for each site
▪️ Source code access
▪️ Hosted email accounts and inboxes
▪️ Site configuration and stored content
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The threat actor claims to be selling full access to 1,169 Australian websites in their possession, delivered as a url:user:pass list that the seller says grants entry to the panels, databases, source code, and emails of each site. The listing is priced at $400.
Post details:
▸ Actor(s): NormalLeVrai (Immortal)
▸ Sector: Mixed (1,169 Australian websites)
▸ Type: Access Sale
▸ Format: url:user:pass list
▸ Price: $400 (one buyer only)
▸ Targets: 1,169 sites
▸ Country: Australia
▸ Date: 07/05/2026
Compromised data and capabilities:
▪️ Admin panel credentials for 1,169 Australian websites
▪️ Database access for each site
▪️ Source code access
▪️ Hosted email accounts and inboxes
▪️ Site configuration and stored content
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️Preferred Hotels & Resorts allegedly breached exposing 450,000 high-net-worth reservations across 620 hotels
A threat actor claims they exploited a vulnerability in the Preferred Hotels & Resorts Central Reservation System (CRS) in 2025 to extract roughly 450,000 reservations across about 620 hotels, then launched a denial-of-service attack to alert the company. The post states that while the vulnerability was patched, the breach was allegedly never disclosed, and the seller is now offering the data for €99 with a personal narrative aimed at the company's leadership.
Post details:
▸ Actor(s): dnacookies
▸ Sector: Hospitality / Luxury Hotels
▸ Type: Data Sale
▸ Format: Pipe-delimited records
▸ Price: €99
▸ Records: ~450,000 reservations across ~620 hotels
▸ Original incident: 2025 (CRS vulnerability)
▸ Date: 08/05/2026
Compromised data:
▪️ Hotel name and CRS confirmation number
▪️ Guest full name, prefix (Mr./Ms./Mrs.)
▪️ Reservation start date
▪️ Email address
▪️ Contact numbers
▪️ Country, state/province, city
▪️ Address line and postal code
▪️ Card type, cardholder name, card number
▪️ Card expiry date and average price
▪️ Booking currency and amount (USD, EUR, CNY, SGD, etc.)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims they exploited a vulnerability in the Preferred Hotels & Resorts Central Reservation System (CRS) in 2025 to extract roughly 450,000 reservations across about 620 hotels, then launched a denial-of-service attack to alert the company. The post states that while the vulnerability was patched, the breach was allegedly never disclosed, and the seller is now offering the data for €99 with a personal narrative aimed at the company's leadership.
Post details:
▸ Actor(s): dnacookies
▸ Sector: Hospitality / Luxury Hotels
▸ Type: Data Sale
▸ Format: Pipe-delimited records
▸ Price: €99
▸ Records: ~450,000 reservations across ~620 hotels
▸ Original incident: 2025 (CRS vulnerability)
▸ Date: 08/05/2026
Compromised data:
▪️ Hotel name and CRS confirmation number
▪️ Guest full name, prefix (Mr./Ms./Mrs.)
▪️ Reservation start date
▪️ Email address
▪️ Contact numbers
▪️ Country, state/province, city
▪️ Address line and postal code
▪️ Card type, cardholder name, card number
▪️ Card expiry date and average price
▪️ Booking currency and amount (USD, EUR, CNY, SGD, etc.)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1