‼️🇲🇽 InterLAB allegedly breached exposing data from 30 Mexican laboratories via compromised server
A threat actor claims to have compromised a server belonging to InterLAB (interlab.mx, also known as biosystem.mx), a Mexican clinical laboratory software provider, and exfiltrated data from 30 affiliated laboratories. The actor states they attempted to negotiate a deal with the company, were refused, and are now releasing the data for free. The leak contains patient records, billing data, and clinical test results captured through the platform's "Modificar Paciente" and "Captura de resultados" interfaces. Each folder in the dump corresponds to a separate laboratory, with company information stored in a datosempresa.csv file inside each.
Post details:
▸ Actor(s): Alameda_slim
▸ Sector: Healthcare / Clinical Laboratories
▸ Type: Data Breach / Server Compromise
▸ Format: CSV (multiple folders, one per lab)
▸ Price: Free
▸ Records: Data from 30 laboratories
▸ Country: Mexico
▸ Date: 11/05/2026
Compromised data:
▪️ Patient ID (Clave)
▪️ Patient name (Nombre)
▪️ Patient ID number (Cedula Pac.)
▪️ Date of birth (Fecha de Nac)
▪️ Age (Edad)
▪️ Sex (Sexo)
▪️ Blood type (Tipo Sanguineo)
▪️ Classification (Clasificación)
▪️ Credit days and credit amount (Dias Credito, Credito)
▪️ Home phone (Tel. Casa)
▪️ Mobile phone (Celular)
▪️ Address (Direccion)
▪️ Email address (E-Mail)
▪️ Access key and password (Clave de acceso, Contraseña) stored in plaintext
▪️ Family risk and medical conditions (Riesgo Familiar, Padecimientos)
▪️ Observations (Observaciones)
▪️ Billing data (RFC, Nombre, Pais, Estado, Municipio, Calle, No Exterior, No Interior, Colonia, Reg. Fiscal, Localidad, CP, Referencia)
▪️ Clinical test results including general urine exam (EGO), physical exam (color, aspect, volume), chemical exam (density, pH, proteins, glucose, ketones, hemoglobin, bilirubin, urobilinogen, leukocyte esterase, nitrites), and microscopic observation (leukocytes)
▪️ Folio number, test date, and signature field per result
▪️ Company/laboratory metadata stored in datosempresa.csv per lab
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Heberger
Domain: heberger.com
Country: 🇩🇪 DE
Date: May 7th, 2026
Summary:
The construction company Heberger, based in Schifferstadt, was the victim of a cyberattack last week. The incident, confirmed by a company spokeswoman, reportedly took place early in the morning on Thursday, May 7. Despite high IT security standards, the company was affected by this intrusion.
Source: https://www.rheinpfalz.de/lokal/ludwigshafen_artikel,-cyberangriff-auf-baufirma-heberger-_arid,5889199.html
DIE RHEINPFALZ
Cyberattack on construction company Heberger
A cyberattack on the Schifferstadt-based construction company Heberger already took place last week.
‼️🇻🇪 familybox.store allegedly breached exposing 1,100,000 PII records from the Venezuelan online supermarket
A threat actor is selling 1,100,000 rows of PII data allegedly obtained from familybox.store, an online supermarket designed for people living anywhere in the world to buy and send goods to people living inside Venezuela. The platform allows users worldwide to send food, personal care, and household items to Venezuela, and is described as the official online store of the TEALCA Group, a Venezuelan logistics company with over 40 years of experience. The actor provided a proof sample consisting of 1 CSV and 1 JPG.
Post details:
▸ Actor(s): BigBrother
▸ Sector: E-Commerce / Online Supermarket / Logistics
▸ Type: Data Sale
▸ Format: CSV
▸ Price: Not disclosed (selling)
▸ Records: 1,100,000
▸ Country: Venezuela
▸ Date: 11/05/2026
Compromised data:
▪️ Customer ID
▪️ Customer full name
▪️ Customer email
▪️ Customer phone
▪️ Customer address
▪️ Customer city
▪️ Customer state
▪️ Customer neighborhood
▪️ Subtotal (VES)
▪️ Tax (VES)
▪️ Total amount (VES)
▪️ Exchange rate
▪️ Total amount (USD)
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Notin
Domain: notin.es
Country: 🇪🇸 ES
Date: May 10th, 2026
Claimed by: Everest ransomware gang
Summary:
The IT service provider Notin.es has been the victim of a new ransomware attack, this time carried out by the Crypto24 group using the Lockbit 5.0 ransomware. This cyberattack affected at least fifteen notary offices in Spain, disrupting their services and their email.
Source: https://www.escudodigital.com/ciberseguridad/notin-proveeedor-ti-notarias-ataque-ransomware.html
I pushed a fix to the threat feed that was causing searches to not show that the data was actually loading, even though it was eventually showing results. You may need to hard refresh the page: CTRL+SHIFT+R.
🔪 Slice For Life - Part 2 🔪
Cyberattack News Alert ━━━━━━━━━━━━━━━━━━━━━━━━━ Victim: Notin Domain: notin.es Country: 🇪🇸 ES Date: May 10th, 2026 Claimed by: Everest ransomware gang Summary: Le fournisseur de services informatiques Notin.es a été victime d'une nouvelle attaque…
I still have no idea why this is not translating to English
‼️🇨🇴 Emergia Contact Center allegedly breached exposing 12 TB of data from the Colombian/Spanish BPO and 75 client companies
A threat actor, in collaboration with NyxarGroup, claims to have exfiltrated approximately 12 TB of data from Emergia Contact Center and Conalcréditos (a debt collection unit), as well as PLUS CONTACTO SERVICIOS INTEGRALES SL, operated by Albert Ollé, described as one of Spain's wealthiest businessmen.
The actor states the intrusion began by exploiting vulnerabilities in the perimeter through an obsolete Cisco ASA, pivoted into the Fortinet topology connecting Spain (Gran Canaria, Madrid, Córdoba, Catalonia) with Colombia (Bogotá, Medellín, Manizales/Pensilvania, Malambo, Davivienda), and escalated via a public Active Directory password reset portal to gain full control of corporate email (emergiacc) and the GSuite directory.
The actor maintained access until April 7 over two months of active intrusion, claims credentials were never rotated, and is selling the 12 TB dump for $3,000. The actor also alleges the leak originated from an internal source, ****************, formerly of the customer security department, and names CISO ****************, ****************, and **************** as having manipulated the incident narrative.
Post details:
▸ Actor(s): Petro_Escobar (in collaboration with NyxarGroup)
▸ Sector: BPO / Contact Center / Debt Collection
▸ Type: Data Breach / Data Sale
▸ Format: Shared resources, PST files, SFTP files, full backups
▸ Price: $3,000
▸ Records: ~12 TB across 75 compromised clients
▸ Country: Colombia / Spain
▸ Date: 11/05/2026
Compromised data:
▪️ Approximately 12 TB exfiltrated over two months of active intrusion
▪️ Shared internal resources from Emergia infrastructure
▪️ PST email archives
▪️ SFTP file transfers
▪️ Full system backups
▪️ Corporate email accounts (emergiacc)
▪️ GSuite user directory
▪️ Active Directory credentials and Kerberos data
▪️ Cisco ASA and Fortinet VPN configurations spanning Spain and Colombia
▪️ Data from 75 affiliated client companies across multiple sectors
▪️ Spanish services clients
▪️ Conalcreditos clients
▪️ Emergia CC SL clients
‼️🇺🇸 Qilin Ransomware Claims Keller Williams Real Estate - Exton County as a Victim
No samples.
‼️ New Dark Web Informer Blog Post!
Title: SAWTAD Allegedly Leaked Exposing 2,211 Files (2.19 GB) of SAW Sensor Diaper Tech R&D and SPMet Metrology Archive
Link: https://darkwebinformer.com/sawtad-allegedly-leaked-exposing-2-211-files-2-19-gb-of-saw-sensor-diaper-tech-r-d-and-spmet-metrology-archive/
A threat actor is selling a full archive described as one of the deepest technical leaks in the field of Surface Acoustic Wave (SAW) sensors and their application in smart diapers (Smart Diaper / Wetness Sensing).
‼️ CB FINANCIAL SERVICES, INC. has filed form 8-k due to a cybersecurity incident
https://www.stocktitan.net/sec-filings/CBFV/8-k-cb-financial-services-inc-reports-material-event-9d71c207862a.html
"On May 5, 2026, Community Bank (the “Bank”), the wholly-owned subsidiary of CB Financial Services, Inc. (the “Company”), became aware of an internal incident involving the handling of certain non‑public customer information using an unauthorized artificial intelligence-based software application. Upon discovery, the Bank promptly took steps to secure the information at issue and initiated an internal investigation with the assistance of external cybersecurity advisors. The investigation into the incident, including the scope and root cause, remains ongoing.
The incident did not involve a disruption to the Bank's operations, customer access to accounts or services, payment systems, or core information technology infrastructure; however, due to the volume and sensitive nature of the non-public information at issue, on May 7, 2026, the Company determined the event to be material. Among the customer information the Bank has determined was disclosed are customer names, social security numbers and dates of birth.
The Company is evaluating the customer data that was affected and is conducting notifications as required by applicable federal and state laws and regulatory guidance. The Company has been, and continues to be, in communication with relevant banking and financial regulators regarding the incident.
The Company has taken, and continues to take, actions designed to contain and remediate the incident. The Company remains committed to protecting its customers' data and is taking measures designed to prevent future similar incidents, including but not limited to, strengthening existing controls, implementing additional controls and enhancing monitoring measures.
As of the date of this disclosure, this incident has not had, and is not expected to have, a material impact on the Company’s consolidated financial condition or results of operations."
‼️🇫🇷 La Suite Numérique allegedly breached exposing over 18 million records from the French government digital workspace
A threat actor claims to have exfiltrated over 18 million records from La Suite Numérique, the official digital workspace and collaboration suite operated by the French government's Direction Interministérielle du Numérique (DINUM). The actor is selling the data via Telegram and is offering a free sample of up to 5,000 lines on request.
Post details:
▸ Actor(s): exclode
▸ Sector: Government / Digital Services
▸ Type: Data Sale
▸ Format: Not specified
▸ Price: Not disclosed (selling, sample available)
▸ Records: 18,000,000+
▸ Country: France
▸ Date: 11/05/2026
Compromised data:
▪️ Over 18 million records exfiltrated from La Suite Numérique
▪️ Specific field structure not disclosed in the post
▪️ Sample of up to 5,000 lines offered for free on request
‼️ New Dark Web Informer Blog Post!
Title: KAMS PARIS Allegedly Breached Exposing 187,927 Customer Records From the French Niche Perfumery
Link: https://darkwebinformer.com/kams-paris-allegedly-breached-exposing-187-927-customer-records-from-the-french-niche-perfumery/
A threat actor is selling the customer database of KAMS PARIS, a Parisian niche perfumery founded in 1960 and located at 6 Avenue de l’Opéra, specializing in rare niche perfumes, skincare, and beauty products with delivery across Europe.
‼️ The hacked data of The Gentlemen Ransomware is up for sale for $10K BTC.
https://x.com/DarkWebInformer/status/2053955979499180507
‼️AIRDC advertised as AI-powered hidden remote desktop control tool for Windows targets
A threat actor is selling AIRDC (AI Remote Desktop Control), a tool marketed as an autonomous Windows bridge that uses a specialized LLM to translate plain-English commands into precise hardware-level inputs on a remote machine.
The actor pitches it as a "Chat-to-Action" engine that lets an operator on a phone or another PC tell the AI agent what to do and watch it navigate the target desktop in real time. The post includes a disclaimer that AIRDC is a tool for developers and automation specialists and that remote access requires proper authorization, though the advertised feature set centers on stealth persistence, kernel-level input injection, and headless background operation. Two tier-based subscriptions are offered with cryptocurrency-only payment.
Post details:
▸ Actor(s): GENERAL DARK
▸ Sector: Offensive Tooling / Remote Access
▸ Type: Tool Sale (AI-driven covert remote control)
▸ Format: Software (Windows agent)
▸ Country: Not specified
▸ Date: 11/05/2026
Service features:
▪️ Chat-to-Action engine: specialized LLM bridge translates conversational intent into hardware-level inputs on the remote desktop
▪️ Conversational Command module: direct chat interface for issuing tasks like file search, email sending, and attachment handling
▪️ Vision Engine: low-latency DXGI Frame Buffer capture with OmniParser mapping UI elements into a real-time coordinate grid
▪️ Control Core: kernel-level raw input via the Interception driver, bypassing software restrictions, with human-mimetic mouse curves
▪️ Deep Analysis: integrated Binary Ninja and Ghidra bridge to read .exe logic when the AI cannot identify a UI element
▪️ Stealth Mode: operates via Session 0 and headless virtual desktops so the AI runs in the background while the main screen stays free
▪️ Natural Language Processing: tasks issued in plain English with no programming required
▪️ Universal Compatibility: claims to work with any Windows application without API, plugins, or hooks
▪️ Autonomous Reasoning: accepts goals such as "find the latest invoice in Outlook and upload it to the CRM" and chains actions independently
▪️ Invisible Persistence: runs as a Protected Process Light (PPL) to stay hidden from standard task managers and system scans
▪️ Encrypted Tunneling: WireGuard and Tailscale integration for direct P2P encrypted connection between operator and agent
▪️ Payment: BTC, LTC, XMR, ETH
▪️ Tagline: "The Elite Autonomous Windows Bridge, See. Reason. Execute."