‼️🇲🇽 Compass Imaging & Lab allegedly breached exposing 10K positive HIV, syphilis, and COVID test results from the Mexican lab
A threat actor self-described as specializing in stealing medical data claims to have breached Compass Imaging & Lab (compassimaginglab.com), a Mexican clinical laboratory, releasing the data for free after stating the lab refused to pay during a pentest negotiation. The leak contains around 10,000 records flagged positive across HIV, syphilis, COVID and other tests, with the seller claiming the data quality is higher than previous posts and including blood type, full names, and contact details.
Post details:
▸ Actor(s): Alameda_slim
▸ Sector: Healthcare / Clinical laboratory
▸ Type: Data Leak
▸ Format: CSV-style records
▸ Price: Free (reply or upgrade gated)
▸ Records: ~10,000 positive results
▸ Country: Mexico
▸ Date: 08/05/2026
Compromised data:
▪️ Full names (nombre, apellidos)
▪️ Birth date and age (edad)
▪️ Phone numbers (95% coverage)
▪️ Email (90% coverage)
▪️ Test date and result type
▪️ Result (positive/negative)
▪️ Blood type and Rh factor (Grupo Sanguíneo y Factor RH)
▪️ Test categories including ANTICUERPOS ANTI MICROSOMALES (AC. ANTI-TPO)
▪️ Internal IDs (id_resultado, id_perfil, id_paciente, id_usuario, id_examen)
▪️ Status, comments, file references, send method
▪️ Recipients (destinatarios)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor self-described as specializing in stealing medical data claims to have breached Compass Imaging & Lab (compassimaginglab.com), a Mexican clinical laboratory, releasing the data for free after stating the lab refused to pay during a pentest negotiation. The leak contains around 10,000 records flagged positive across HIV, syphilis, COVID and other tests, with the seller claiming the data quality is higher than previous posts and including blood type, full names, and contact details.
Post details:
▸ Actor(s): Alameda_slim
▸ Sector: Healthcare / Clinical laboratory
▸ Type: Data Leak
▸ Format: CSV-style records
▸ Price: Free (reply or upgrade gated)
▸ Records: ~10,000 positive results
▸ Country: Mexico
▸ Date: 08/05/2026
Compromised data:
▪️ Full names (nombre, apellidos)
▪️ Birth date and age (edad)
▪️ Phone numbers (95% coverage)
▪️ Email (90% coverage)
▪️ Test date and result type
▪️ Result (positive/negative)
▪️ Blood type and Rh factor (Grupo Sanguíneo y Factor RH)
▪️ Test categories including ANTICUERPOS ANTI MICROSOMALES (AC. ANTI-TPO)
▪️ Internal IDs (id_resultado, id_perfil, id_paciente, id_usuario, id_examen)
▪️ Status, comments, file references, send method
▪️ Recipients (destinatarios)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ LAPSUS$ Group has added a yet to be named victim
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇪🇨 SALUDSA allegedly breached exposing 35K+ medical records and employee access from the Ecuadorian health insurance provider
A threat actor claims to have exfiltrated sensitive medical data from SALUDSA, an Ecuadorian health insurance company, in collaboration with a group called OXteams. The post advertises 35,000+ records covering email subscribers, insured individuals, plans, and purchase history, releases a 30K+ free download, and includes screenshots of an alleged employee access management panel with corporate emails and account states.
Post details:
▸ Actor(s): GondorPe (with OXteams)
▸ Sector: Healthcare / Health insurance
▸ Type: Data Leak with admin panel exposure
▸ Format: JSON / mixed records
▸ Price: Free
▸ Records: 35,000+ (25,277 emails, 11,120 individuals)
▸ Country: Ecuador
▸ Date: 08/05/2026
Compromised data:
▪️ Email addresses (25,277)
▪️ Cell phone numbers
▪️ Age and gender
▪️ Pre-existing medical conditions
▪️ Quoted insurance plan
▪️ Family role (primary, spouse, child, etc.)
▪️ ID / Passport number (11,120 individuals)
▪️ Full names and last names
▪️ Marital status
▪️ Health insurance product enrollment (Práctico, Ideal, Élite, Privilegio, Oncocare)
▪️ Completed purchase transactions
▪️ Company emails (alert and free types)
▪️ Employee access management panel (usernames, corporate emails, account state, last login)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have exfiltrated sensitive medical data from SALUDSA, an Ecuadorian health insurance company, in collaboration with a group called OXteams. The post advertises 35,000+ records covering email subscribers, insured individuals, plans, and purchase history, releases a 30K+ free download, and includes screenshots of an alleged employee access management panel with corporate emails and account states.
Post details:
▸ Actor(s): GondorPe (with OXteams)
▸ Sector: Healthcare / Health insurance
▸ Type: Data Leak with admin panel exposure
▸ Format: JSON / mixed records
▸ Price: Free
▸ Records: 35,000+ (25,277 emails, 11,120 individuals)
▸ Country: Ecuador
▸ Date: 08/05/2026
Compromised data:
▪️ Email addresses (25,277)
▪️ Cell phone numbers
▪️ Age and gender
▪️ Pre-existing medical conditions
▪️ Quoted insurance plan
▪️ Family role (primary, spouse, child, etc.)
▪️ ID / Passport number (11,120 individuals)
▪️ Full names and last names
▪️ Marital status
▪️ Health insurance product enrollment (Práctico, Ideal, Élite, Privilegio, Oncocare)
▪️ Completed purchase transactions
▪️ Company emails (alert and free types)
▪️ Employee access management panel (usernames, corporate emails, account state, last login)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇮🇳 BLS International allegedly breached exposing 29 million records, source code, and SSH keys from the Indian visa services giant
A threat actor claims to be selling databases, backend source code, Amazon S3 bucket dumps, MySQL ROOT access, and SSH private keys belonging to BLS International, an Indian multinational handling visa, passport, consular, biometrics, and citizen services for governments and embassies worldwide. The post lists 14 country/service-specific databases totaling around 29 million rows with 28GB of compressed data and shows folders of customer passport scans, ID cards, and biometric photos staged for individual applicants.
Post details:
▸ Actor(s): scatt3r
▸ Sector: Government services / Visa & passport processing
▸ Type: Data Sale + Access Sale
▸ Format: SQL databases, source code, S3 bucket dumps, SSH private keys, image folders (28GB compressed)
▸ Price: Negotiable
▸ Records: ~29,000,000 rows
▸ Country: India (multinational scope)
▸ Date: 09/05/2026
Affected database folders:
▪️ db_IndiaKuwait (130 tables)
▪️ db_IndiaCanada_Appointment (36 tables)
▪️ db_IndiaUAE_Appointment (32 tables)
▪️ db_IndiaSpain (102 tables)
▪️ db_PolandPhil_Appointment (56 tables)
▪️ db_IndiaSingapore_Appointment (34 tables)
▪️ db_BrazilLebanon_Backend (56 tables)
▪️ db_IndiaMalayia (58 tables)
▪️ db_IndiaHongkong_Ap (32 tables)
▪️ db_BrazilLebanon_Appointment (35 tables)
▪️ mysql (37 tables)
▪️ gdit_canada (69 tables)
▪️ singapore_orderform (7 tables)
▪️ db_IndiaChina_Appointment (31 tables)
Compromised data and assets:
▪️ Backend source code of the BLS International web application (PHP, configs, htaccess, mailers)
▪️ Amazon S3 bucket dumps with customer document folders
▪️ Passport scans and applications (PassportApplication folders)
▪️ National ID cards, residence permits, and biometric face photos
▪️ Liveness videos recorded during in-person appointments via OzForensics
▪️ Customer appointment data tied to per-applicant CUST_ folder IDs
▪️ Private API keys, SMTP keys, SMS API keys
▪️ MySQL ROOT access and SSH private keys to backend servers
▪️ Internal admin and CMS templates, captcha system, vendor packages
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling databases, backend source code, Amazon S3 bucket dumps, MySQL ROOT access, and SSH private keys belonging to BLS International, an Indian multinational handling visa, passport, consular, biometrics, and citizen services for governments and embassies worldwide. The post lists 14 country/service-specific databases totaling around 29 million rows with 28GB of compressed data and shows folders of customer passport scans, ID cards, and biometric photos staged for individual applicants.
Post details:
▸ Actor(s): scatt3r
▸ Sector: Government services / Visa & passport processing
▸ Type: Data Sale + Access Sale
▸ Format: SQL databases, source code, S3 bucket dumps, SSH private keys, image folders (28GB compressed)
▸ Price: Negotiable
▸ Records: ~29,000,000 rows
▸ Country: India (multinational scope)
▸ Date: 09/05/2026
Affected database folders:
▪️ db_IndiaKuwait (130 tables)
▪️ db_IndiaCanada_Appointment (36 tables)
▪️ db_IndiaUAE_Appointment (32 tables)
▪️ db_IndiaSpain (102 tables)
▪️ db_PolandPhil_Appointment (56 tables)
▪️ db_IndiaSingapore_Appointment (34 tables)
▪️ db_BrazilLebanon_Backend (56 tables)
▪️ db_IndiaMalayia (58 tables)
▪️ db_IndiaHongkong_Ap (32 tables)
▪️ db_BrazilLebanon_Appointment (35 tables)
▪️ mysql (37 tables)
▪️ gdit_canada (69 tables)
▪️ singapore_orderform (7 tables)
▪️ db_IndiaChina_Appointment (31 tables)
Compromised data and assets:
▪️ Backend source code of the BLS International web application (PHP, configs, htaccess, mailers)
▪️ Amazon S3 bucket dumps with customer document folders
▪️ Passport scans and applications (PassportApplication folders)
▪️ National ID cards, residence permits, and biometric face photos
▪️ Liveness videos recorded during in-person appointments via OzForensics
▪️ Customer appointment data tied to per-applicant CUST_ folder IDs
▪️ Private API keys, SMTP keys, SMS API keys
▪️ MySQL ROOT access and SSH private keys to backend servers
▪️ Internal admin and CMS templates, captcha system, vendor packages
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇳🇬 Mrs Holdings has been claimed a victim to Killsec Ransomware
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇨🇦 CarePoint Health allegedly listed on Genesis ransomware leak site with 70GB countdown
The Genesis ransomware group has added CarePoint Health (carepointhealth.ca) to its leak site, posting a countdown timer of roughly 4 days before publication. The group claims to hold 70GB of medical, operational, and financial data, along with content from the company's fileserver, and links to a downloadable list of company files.
Post details:
▸ Actor(s): Genesis (ransomware group)
▸ Sector: Healthcare / Physician network
▸ Type: Ransomware / Extortion (countdown active)
▸ Volume: ~70GB
▸ Country: Canada
▸ Date: 08/05/2026
Compromised data:
▪️ Medical data
▪️ Operational data
▪️ Financial data
▪️ Files exfiltrated from the company fileserver
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The Genesis ransomware group has added CarePoint Health (carepointhealth.ca) to its leak site, posting a countdown timer of roughly 4 days before publication. The group claims to hold 70GB of medical, operational, and financial data, along with content from the company's fileserver, and links to a downloadable list of company files.
Post details:
▸ Actor(s): Genesis (ransomware group)
▸ Sector: Healthcare / Physician network
▸ Type: Ransomware / Extortion (countdown active)
▸ Volume: ~70GB
▸ Country: Canada
▸ Date: 08/05/2026
Compromised data:
▪️ Medical data
▪️ Operational data
▪️ Financial data
▪️ Files exfiltrated from the company fileserver
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
😁1
🔪 Slice For Life - Part 2 🔪
Scraper script for the threat feed stopped working a couple of hours ago. I was away adulting, its back up and catching up to the posts. Looking at further redundancy to make sure it restarts properly when needed. ________________________________________ …
Found the issue. Wasn't related to the threat feed scripts. Was a new script used for Ransomware scraping. A scheduled job that takes screenshots was getting stuck and not finishing before the next one started, so copies kept piling up, over a hundred of them to be honest, which caused the server to go to 99%.
Cleared the stuck processes and added safeguards to this new script and cron so only one can run at a time, and any that hangs gets killed automatically after a few minutes.
Everything should be caught up by the end of this cycle.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Cleared the stuck processes and added safeguards to this new script and cron so only one can run at a time, and any that hangs gets killed automatically after a few minutes.
Everything should be caught up by the end of this cycle.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Telegram
🔪 Slice For Life - Part 2 🔪
Backup: t.me/SliceForLifeeee
Website: darkwebinformer.com
Website Pricing (Includes Crypto): darkwebinformer.com/pricing
Socials: darkwebinformer.com/socials
API Access: https://darkwebinformer.com/api-details
Donate: darkwebinformer.com/donations
Website: darkwebinformer.com
Website Pricing (Includes Crypto): darkwebinformer.com/pricing
Socials: darkwebinformer.com/socials
API Access: https://darkwebinformer.com/api-details
Donate: darkwebinformer.com/donations
‼️🇬🇧 Arup Group allegedly breached by FulcrumSec exposing 700GB of GitHub repos and 2TB of Azure cloud data
A threat group operating under the name FulcrumSec has added a leak dubbed "The Arup Leaks" targeting Arup Group, the British engineering consultancy founded by Sir Ove Arup with around 17,000 employees across 90 offices and behind landmarks like the Sydney Opera House, Pompidou Centre, and Beijing's CCTV Headquarters. The actor claims to have spent close to half a year analyzing the data and went through email correspondence with the company before publishing, releasing GitHub repos via a .onion link and pointing to a separate archive list for Azure, S3, and database backups.
Post details:
▸ Actor(s): FulcrumSec
▸ Sector: Engineering / Architectural consultancy
▸ Type: Data Leak (dedicated leak site)
▸ Format: ~377GB compressed GitHub repos + ~2TB Azure Blob, AWS S3, DB backups
▸ Price: Free
▸ Country: United Kingdom (multinational scope)
▸ Date: 09/05/2026
Compromised data:
▪️ Over 700GB of private GitHub repositories (9,880+ private repos)
▪️ Nearly 2TB of Azure Blob Storage, AWS S3 buckets, and database backups
▪️ 39 Neuron BMS client databases
▪️ 49GB of Odoo ERP data
▪️ 129,000+ A66 landowner files
▪️ 313,650 ICC surveillance records
▪️ 37,835 Queensferry Crossing internal documents
▪️ Apple code-signing certificates with plaintext passwords
▪️ Complete ArupCompute and Oasys source code
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat group operating under the name FulcrumSec has added a leak dubbed "The Arup Leaks" targeting Arup Group, the British engineering consultancy founded by Sir Ove Arup with around 17,000 employees across 90 offices and behind landmarks like the Sydney Opera House, Pompidou Centre, and Beijing's CCTV Headquarters. The actor claims to have spent close to half a year analyzing the data and went through email correspondence with the company before publishing, releasing GitHub repos via a .onion link and pointing to a separate archive list for Azure, S3, and database backups.
Post details:
▸ Actor(s): FulcrumSec
▸ Sector: Engineering / Architectural consultancy
▸ Type: Data Leak (dedicated leak site)
▸ Format: ~377GB compressed GitHub repos + ~2TB Azure Blob, AWS S3, DB backups
▸ Price: Free
▸ Country: United Kingdom (multinational scope)
▸ Date: 09/05/2026
Compromised data:
▪️ Over 700GB of private GitHub repositories (9,880+ private repos)
▪️ Nearly 2TB of Azure Blob Storage, AWS S3 buckets, and database backups
▪️ 39 Neuron BMS client databases
▪️ 49GB of Odoo ERP data
▪️ 129,000+ A66 landowner files
▪️ 313,650 ICC surveillance records
▪️ 37,835 Queensferry Crossing internal documents
▪️ Apple code-signing certificates with plaintext passwords
▪️ Complete ArupCompute and Oasys source code
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
😈1
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Unoaerre
Domain:
Country: 🇮🇹 IT
Date: May 9th, 2026
Summary:
Unoaerre, a silversmithing company, fell victim to a cyberattack that paralyzed its operating system, prompting cybercriminals to demand a ransom of 3.8 million euros in bitcoin. Initial investigations suggest the attack may have links to countries in the Middle East and Eastern Europe. Despite the disruption, preliminary assessments indicate that the damage may not be irreversible and that production could resume.
Source: https://www.lanazione.it/arezzo/cronaca/attacco-hacker-unoaerre-p5f5bo2d
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Unoaerre
Domain:
unoaerre.itCountry: 🇮🇹 IT
Date: May 9th, 2026
Summary:
Unoaerre, a silversmithing company, fell victim to a cyberattack that paralyzed its operating system, prompting cybercriminals to demand a ransom of 3.8 million euros in bitcoin. Initial investigations suggest the attack may have links to countries in the Middle East and Eastern Europe. Despite the disruption, preliminary assessments indicate that the damage may not be irreversible and that production could resume.
Source: https://www.lanazione.it/arezzo/cronaca/attacco-hacker-unoaerre-p5f5bo2d
La Nazione
Blitz dei pirati informatici. Attacco alla Unoaerre: “Dateci 3,8 milioni in bitcoin”
Hacker paralizzano il sistema operativo della grande azienda orafa aretina. Poi il messaggio: “Pagate 3,8 milioni di euro in bitcoin per sbloccare tutto”. Le indagini porterebbero a triangolazioni fra Paesi arabi e dell’Europa dell’Est
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Scope Systems
Domain:
Country: 🇦🇺 AU
Date: May 6th, 2026
Summary:
Several Australian mining companies are experiencing difficulties following a major cyberattack targeting a software provider in the sector, with a ransom demand issued. Among the potentially affected companies are Northern Star Resources and Evolution Mining, two of the country's largest gold miners. These companies are currently working to restore access to their critical technology systems.
Source: https://www.afr.com/technology/miners-data-targeted-as-hackers-hold-software-provider-to-ransom-20260508-p5zv16
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Scope Systems
Domain:
scopesystems.com.auCountry: 🇦🇺 AU
Date: May 6th, 2026
Summary:
Several Australian mining companies are experiencing difficulties following a major cyberattack targeting a software provider in the sector, with a ransom demand issued. Among the potentially affected companies are Northern Star Resources and Evolution Mining, two of the country's largest gold miners. These companies are currently working to restore access to their critical technology systems.
Source: https://www.afr.com/technology/miners-data-targeted-as-hackers-hold-software-provider-to-ransom-20260508-p5zv16
Australian Financial Review
Miners’ data targeted as hackers hold software provider to ransom
Northern Star and Evolution Mining, the nation’s two biggest listed gold miners, are thought to be users of the Pronto Xi program that was hit.
🔥1
‼️🇪🇬 Mansoura University allegedly breached exposing 10GB+ of student data, research, and internal documents
A threat actor, posting in collaboration with CrowStealer, quellostanco, and bigF, claims to be selling a breach of Mansoura University, described in the post as one of the oldest and largest universities in Egypt. The package totals over 10GB and includes nearly 989,000 student records spanning 2012 to 2025/2026, plus thousands of research and internal PDFs and student photos.
Post details:
▸ Actor(s): INT3X (with CrowStealer, quellostanco, bigF)
▸ Sector: Education / University
▸ Type: Data Sale
▸ Format: CSV, PDF, image files
▸ Price: Negotiable (no data exchange accepted)
▸ Records: ~989,000 students + 3,853 research docs + 1,547 internal docs + 600MB student images
▸ Country: Egypt
▸ Date: 10/05/2026
Compromised data:
▪️ Username, Arabic name, English name
▪️ National ID number
▪️ Password and email
▪️ Language preference
▪️ University, faculty, year level
▪️ Enrollment status, study year, courses
▪️ 3,853 research PDFs and images (4.96GB)
▪️ 1,547 internal PDFs and images (3.72GB)
▪️ Student photographs (600MB)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor, posting in collaboration with CrowStealer, quellostanco, and bigF, claims to be selling a breach of Mansoura University, described in the post as one of the oldest and largest universities in Egypt. The package totals over 10GB and includes nearly 989,000 student records spanning 2012 to 2025/2026, plus thousands of research and internal PDFs and student photos.
Post details:
▸ Actor(s): INT3X (with CrowStealer, quellostanco, bigF)
▸ Sector: Education / University
▸ Type: Data Sale
▸ Format: CSV, PDF, image files
▸ Price: Negotiable (no data exchange accepted)
▸ Records: ~989,000 students + 3,853 research docs + 1,547 internal docs + 600MB student images
▸ Country: Egypt
▸ Date: 10/05/2026
Compromised data:
▪️ Username, Arabic name, English name
▪️ National ID number
▪️ Password and email
▪️ Language preference
▪️ University, faculty, year level
▪️ Enrollment status, study year, courses
▪️ 3,853 research PDFs and images (4.96GB)
▪️ 1,547 internal PDFs and images (3.72GB)
▪️ Student photographs (600MB)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇮🇩 Kota Gunungsitoli local government allegedly leaked exposing employee records from the Indonesian city's database
A threat actor claims to have leaked a database belonging to the Kota Gunungsitoli local government (gunungsitolikota.go.id) in Indonesia. The sample shows civil servant records with names, NIP employee IDs, birth details, ranks, and links to internal pejabat_pegawai photo paths.
Post details:
▸ Actor(s): JAX7
▸ Sector: Government / Municipal
▸ Type: Data Leak
▸ Format: SQL records
▸ Price: Free
▸ Country: Indonesia (Kota Gunungsitoli)
▸ Date: 10/05/2026
Compromised data:
▪️ Internal record ID
▪️ Full name (nama)
▪️ NIP (employee identification number)
▪️ Place of birth (temlahir) and date of birth (tgllahir)
▪️ Rank/class (gol)
▪️ Position/title (jab)
▪️ Department or unit (dik)
▪️ Internal photo file paths (pejabat_pegawai images)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database belonging to the Kota Gunungsitoli local government (gunungsitolikota.go.id) in Indonesia. The sample shows civil servant records with names, NIP employee IDs, birth details, ranks, and links to internal pejabat_pegawai photo paths.
Post details:
▸ Actor(s): JAX7
▸ Sector: Government / Municipal
▸ Type: Data Leak
▸ Format: SQL records
▸ Price: Free
▸ Country: Indonesia (Kota Gunungsitoli)
▸ Date: 10/05/2026
Compromised data:
▪️ Internal record ID
▪️ Full name (nama)
▪️ NIP (employee identification number)
▪️ Place of birth (temlahir) and date of birth (tgllahir)
▪️ Rank/class (gol)
▪️ Position/title (jab)
▪️ Department or unit (dik)
▪️ Internal photo file paths (pejabat_pegawai images)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ German Authorities Shut Down Revived "Crimenetwork" Platform, Arrest Operator on Mallorca
https://www.bustedagaincrime.network/
German law enforcement has dismantled the relaunched version of the criminal online marketplace "Crimenetwork" and arrested its alleged operator on the Spanish island of Mallorca, the Federal Criminal Police Office (BKA) and the Frankfurt Public Prosecutor's Office's cybercrime unit (ZIT) announced on May 8, 2026.
The suspect, a 35-year-old German citizen, was detained at his Mallorca residence by a special unit of the Spanish National Police on the basis of a European arrest warrant. According to investigators, the man rebuilt an entirely new technical infrastructure under the same "Crimenetwork" name within days of the December 2024 takedown of the original platform and the arrest of its previous administrator. Spanish authorities executed two European arrest warrants against him, covering allegations of organized commercial fraud as well as the operation of a criminal trading platform on the darknet, and he is reportedly being held in Spanish extradition custody.
The reconstituted marketplace had grown into a substantial illicit operation before being shuttered. According to police, the platform most recently counted more than 22,000 users and over 100 sellers, who traded in stolen data, drugs, and forged documents. Users settled transactions in cryptocurrencies including Bitcoin, Litecoin, and Monero, and evidence seized during the operation points to platform revenues exceeding 3.6 million euros, with the operator collecting commissions on sales while sellers paid monthly fees for advertising and sales licenses.
Authorities provisionally secured assets of roughly 194,000 euros directly tied to "Crimenetwork" and obtained extensive user and transaction data expected to fuel further investigations. The case follows the recent sentencing of the original platform's administrator: in March 2026, the Gießen Regional Court handed down a prison term of seven years and ten months and ordered the confiscation of more than ten million euros in criminal proceeds, though the verdict is not yet final.
BKA Cybercrime division head Carsten Meywirth framed the action bluntly, saying the relaunch of Crimenetwork had failed and that another administrator would now have to answer to a German court, a reminder, he said, that "cybercrime does not pay."
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
https://www.bustedagaincrime.network/
German law enforcement has dismantled the relaunched version of the criminal online marketplace "Crimenetwork" and arrested its alleged operator on the Spanish island of Mallorca, the Federal Criminal Police Office (BKA) and the Frankfurt Public Prosecutor's Office's cybercrime unit (ZIT) announced on May 8, 2026.
The suspect, a 35-year-old German citizen, was detained at his Mallorca residence by a special unit of the Spanish National Police on the basis of a European arrest warrant. According to investigators, the man rebuilt an entirely new technical infrastructure under the same "Crimenetwork" name within days of the December 2024 takedown of the original platform and the arrest of its previous administrator. Spanish authorities executed two European arrest warrants against him, covering allegations of organized commercial fraud as well as the operation of a criminal trading platform on the darknet, and he is reportedly being held in Spanish extradition custody.
The reconstituted marketplace had grown into a substantial illicit operation before being shuttered. According to police, the platform most recently counted more than 22,000 users and over 100 sellers, who traded in stolen data, drugs, and forged documents. Users settled transactions in cryptocurrencies including Bitcoin, Litecoin, and Monero, and evidence seized during the operation points to platform revenues exceeding 3.6 million euros, with the operator collecting commissions on sales while sellers paid monthly fees for advertising and sales licenses.
Authorities provisionally secured assets of roughly 194,000 euros directly tied to "Crimenetwork" and obtained extensive user and transaction data expected to fuel further investigations. The case follows the recent sentencing of the original platform's administrator: in March 2026, the Gießen Regional Court handed down a prison term of seven years and ten months and ordered the confiscation of more than ten million euros in criminal proceeds, though the verdict is not yet final.
BKA Cybercrime division head Carsten Meywirth framed the action bluntly, saying the relaunch of Crimenetwork had failed and that another administrator would now have to answer to a German court, a reminder, he said, that "cybercrime does not pay."
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
😭1