‼️🇦🇺 1,169 Australian websites allegedly being sold as full panel access by a single threat actor
The threat actor claims to be selling full access to 1,169 Australian websites in their possession, delivered as a url:user:pass list that the seller says grants entry to the panels, databases, source code, and emails of each site. The listing is priced at $400.
Post details:
▸ Actor(s): NormalLeVrai (Immortal)
▸ Sector: Mixed (1,169 Australian websites)
▸ Type: Access Sale
▸ Format: url:user:pass list
▸ Price: $400 (one buyer only)
▸ Targets: 1,169 sites
▸ Country: Australia
▸ Date: 07/05/2026
Compromised data and capabilities:
▪️ Admin panel credentials for 1,169 Australian websites
▪️ Database access for each site
▪️ Source code access
▪️ Hosted email accounts and inboxes
▪️ Site configuration and stored content
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The threat actor claims to be selling full access to 1,169 Australian websites in their possession, delivered as a url:user:pass list that the seller says grants entry to the panels, databases, source code, and emails of each site. The listing is priced at $400.
Post details:
▸ Actor(s): NormalLeVrai (Immortal)
▸ Sector: Mixed (1,169 Australian websites)
▸ Type: Access Sale
▸ Format: url:user:pass list
▸ Price: $400 (one buyer only)
▸ Targets: 1,169 sites
▸ Country: Australia
▸ Date: 07/05/2026
Compromised data and capabilities:
▪️ Admin panel credentials for 1,169 Australian websites
▪️ Database access for each site
▪️ Source code access
▪️ Hosted email accounts and inboxes
▪️ Site configuration and stored content
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️Preferred Hotels & Resorts allegedly breached exposing 450,000 high-net-worth reservations across 620 hotels
A threat actor claims they exploited a vulnerability in the Preferred Hotels & Resorts Central Reservation System (CRS) in 2025 to extract roughly 450,000 reservations across about 620 hotels, then launched a denial-of-service attack to alert the company. The post states that while the vulnerability was patched, the breach was allegedly never disclosed, and the seller is now offering the data for €99 with a personal narrative aimed at the company's leadership.
Post details:
▸ Actor(s): dnacookies
▸ Sector: Hospitality / Luxury Hotels
▸ Type: Data Sale
▸ Format: Pipe-delimited records
▸ Price: €99
▸ Records: ~450,000 reservations across ~620 hotels
▸ Original incident: 2025 (CRS vulnerability)
▸ Date: 08/05/2026
Compromised data:
▪️ Hotel name and CRS confirmation number
▪️ Guest full name, prefix (Mr./Ms./Mrs.)
▪️ Reservation start date
▪️ Email address
▪️ Contact numbers
▪️ Country, state/province, city
▪️ Address line and postal code
▪️ Card type, cardholder name, card number
▪️ Card expiry date and average price
▪️ Booking currency and amount (USD, EUR, CNY, SGD, etc.)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims they exploited a vulnerability in the Preferred Hotels & Resorts Central Reservation System (CRS) in 2025 to extract roughly 450,000 reservations across about 620 hotels, then launched a denial-of-service attack to alert the company. The post states that while the vulnerability was patched, the breach was allegedly never disclosed, and the seller is now offering the data for €99 with a personal narrative aimed at the company's leadership.
Post details:
▸ Actor(s): dnacookies
▸ Sector: Hospitality / Luxury Hotels
▸ Type: Data Sale
▸ Format: Pipe-delimited records
▸ Price: €99
▸ Records: ~450,000 reservations across ~620 hotels
▸ Original incident: 2025 (CRS vulnerability)
▸ Date: 08/05/2026
Compromised data:
▪️ Hotel name and CRS confirmation number
▪️ Guest full name, prefix (Mr./Ms./Mrs.)
▪️ Reservation start date
▪️ Email address
▪️ Contact numbers
▪️ Country, state/province, city
▪️ Address line and postal code
▪️ Card type, cardholder name, card number
▪️ Card expiry date and average price
▪️ Booking currency and amount (USD, EUR, CNY, SGD, etc.)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️ New Dark Web Informer Blog Post!
Title: Kingdom Market Admin Sentenced to 16 Years in Prison
Link: https://darkwebinformer.com/kingdom-market-admin-sentenced-to-16-years-in-prison/
Title: Kingdom Market Admin Sentenced to 16 Years in Prison
Link: https://darkwebinformer.com/kingdom-market-admin-sentenced-to-16-years-in-prison/
Dark Web Informer
Kingdom Market Admin Sentenced to 16 Years in Prison
Alan Bill, a 33-year-old Slovakian man from Bratislava, was sentenced Thursday to 200 months (16 years and 8 months) in federal prison by U.S. District Judge Cristian M. Stevens for his role in operating Kingdom Market, a darknet marketplace that ran from…
This media is not supported in your browser
VIEW IN TELEGRAM
‼️ Dirty Frag: A Universal Linux Local Privilege Escalation via Page-Cache Write Primitives
GitHub: https://github.com/V4bel/dirtyfrag
Patches: https://almalinux.org/blog/2026-05-07-dirty-frag/
CVE-2026-43284: A page-cache write flaw in the Linux kernel's xfrm-ESP (IPsec) subsystem that lets a local user corrupt read-only file pages via in-place decryption on shared skb fragments
CVE-2026-43500: A sibling page-cache write flaw in the Linux kernel's RxRPC subsystem (AFS protocol) where the same fast-path pattern enables arbitrary plaintext writes into attacker-chosen pages, escalating to root
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
GitHub: https://github.com/V4bel/dirtyfrag
Patches: https://almalinux.org/blog/2026-05-07-dirty-frag/
CVE-2026-43284: A page-cache write flaw in the Linux kernel's xfrm-ESP (IPsec) subsystem that lets a local user corrupt read-only file pages via in-place decryption on shared skb fragments
CVE-2026-43500: A sibling page-cache write flaw in the Linux kernel's RxRPC subsystem (AFS protocol) where the same fast-path pattern enables arbitrary plaintext writes into attacker-chosen pages, escalating to root
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔪 Slice For Life - Part 2 🔪
‼️ Dirty Frag: A Universal Linux Local Privilege Escalation via Page-Cache Write Primitives GitHub: https://github.com/V4bel/dirtyfrag Patches: https://almalinux.org/blog/2026-05-07-dirty-frag/ CVE-2026-43284: A page-cache write flaw in the Linux kernel's…
Credit Hyunwoo Kim // @v4bel // https://github.com/V4bel
GitHub
V4bel - Overview
V4bel has 2 repositories available. Follow their code on GitHub.
🔪 Slice For Life - Part 2 🔪
Imagine if ShinyHunters turned into Dexter. For those who don't know what Dexter is and don't understand the name of this channel that is behind it. https://en.wikipedia.org/wiki/Dexter_(TV_series). His boat name was "Slice of Life" so I named this channel Slice For Life, because some nerd already has the name.
Wikipedia
Dexter (TV series)
American crime drama television series (2006–2013)
1/2‼️🇻🇪 MAJOR CLAIM: SAIME, SAREN, and Carnet Fronterizo allegedly breached exposing 35M Venezuelan IDs, 13.4M birth certificates, and 92K border records
A threat group calling itself "L4TAMFUCKERS" claims to have breached Venezuela's interconnected SAIME (national identity), SAREN (civil registry), and Carnet de Movilidad Fronteriza (border ID) systems by chaining API exploitation, IDOR/BOLA attacks, and tunneling exfiltration through official government data channels. The post, branded "Operation Hecatombe Venezuela," advertises 35.2M biographical records, 13.4M birth certificates totaling nearly 6TB of legal documents, and 92K detailed border crossing records, with the actors stating "an entire country's identity in plaintext."
Post details:
▸ Actor(s): GordonFreeman, Izanagi, YoSoyGroot (L4TAMFUCKERS)
▸ Sector: Government / National Identity & Civil Registry
▸ Type: Data Leak
▸ Format: SQL/CSV records, PDFs, scanned documents (~6TB SAREN)
▸ Records: 35.2M SAIME + 13.4M SAREN birth certificates + 92K Carnet Fronterizo
▸ Country: Venezuela
▸ Date: 08/05/2026
Compromised data:
▪️ SAIME: Cédula ID number, full names, gender, date of birth, profession code, registration date
▪️ SAIME admin users: ID, username, email, hashed password, status, lock date, full name, second name
▪️ SAREN: 13.4M scanned birth certificates with parental data, registrar signatures, hospital and parish details
▪️ SAREN: Marriage and notarial records with seals and registry numbers
▪️ Carnet Fronterizo: Foreign ID number, cédula, nationality, full names, date of birth
▪️ Carnet Fronterizo: Gender, occupation, expiration date, border post, ID photo
▪️ Carnet Fronterizo: Email addresses, passwords, phone numbers, system registration dates
▪️ Internal API channels and identifiers used to pivot between ministries
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat group calling itself "L4TAMFUCKERS" claims to have breached Venezuela's interconnected SAIME (national identity), SAREN (civil registry), and Carnet de Movilidad Fronteriza (border ID) systems by chaining API exploitation, IDOR/BOLA attacks, and tunneling exfiltration through official government data channels. The post, branded "Operation Hecatombe Venezuela," advertises 35.2M biographical records, 13.4M birth certificates totaling nearly 6TB of legal documents, and 92K detailed border crossing records, with the actors stating "an entire country's identity in plaintext."
Post details:
▸ Actor(s): GordonFreeman, Izanagi, YoSoyGroot (L4TAMFUCKERS)
▸ Sector: Government / National Identity & Civil Registry
▸ Type: Data Leak
▸ Format: SQL/CSV records, PDFs, scanned documents (~6TB SAREN)
▸ Records: 35.2M SAIME + 13.4M SAREN birth certificates + 92K Carnet Fronterizo
▸ Country: Venezuela
▸ Date: 08/05/2026
Compromised data:
▪️ SAIME: Cédula ID number, full names, gender, date of birth, profession code, registration date
▪️ SAIME admin users: ID, username, email, hashed password, status, lock date, full name, second name
▪️ SAREN: 13.4M scanned birth certificates with parental data, registrar signatures, hospital and parish details
▪️ SAREN: Marriage and notarial records with seals and registry numbers
▪️ Carnet Fronterizo: Foreign ID number, cédula, nationality, full names, date of birth
▪️ Carnet Fronterizo: Gender, occupation, expiration date, border post, ID photo
▪️ Carnet Fronterizo: Email addresses, passwords, phone numbers, system registration dates
▪️ Internal API channels and identifiers used to pivot between ministries
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️🇫🇷 Fédération Française de Ball-Trap allegedly leaked exposing 5,642 member accounts from the French clay pigeon shooting federation
A threat actor claims to have leaked accounts from the Fédération Française de Ball-Trap (FFBT), the French national federation governing clay pigeon shooting, releasing the dataset for free. The post advertises 5,642 accounts including emails and password hashes, with the actor specifically noting that private moderator accounts are included in the dump.
Post details:
▸ Actor(s): NormalLeVrai
▸ Sector: Sports / Federation (clay pigeon shooting)
▸ Type: Data Leak
▸ Format: TXT (email:hash)
▸ Price: Free
▸ Records: 5,642
▸ Country: France
▸ Date: 08/05/2026
Compromised data:
▪️ Email addresses
▪️ Password hashes
▪️ Moderator account credentials
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked accounts from the Fédération Française de Ball-Trap (FFBT), the French national federation governing clay pigeon shooting, releasing the dataset for free. The post advertises 5,642 accounts including emails and password hashes, with the actor specifically noting that private moderator accounts are included in the dump.
Post details:
▸ Actor(s): NormalLeVrai
▸ Sector: Sports / Federation (clay pigeon shooting)
▸ Type: Data Leak
▸ Format: TXT (email:hash)
▸ Price: Free
▸ Records: 5,642
▸ Country: France
▸ Date: 08/05/2026
Compromised data:
▪️ Email addresses
▪️ Password hashes
▪️ Moderator account credentials
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Added another incident to the Physical Bitcoin Attacks page.
https://darkwebinformer.com/physical-bitcoin-attacks/
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
https://darkwebinformer.com/physical-bitcoin-attacks/
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Dark Web Informer
Physical Bitcoin Attacks
A comprehensive database of known physical attacks against Bitcoin and crypto asset holders occurring in meatspace.