‼️🇨🇴 Emergia Contact Center allegedly breached exposing 12 TB of data from the Colombian/Spanish BPO and 75 client companies
A threat actor, in collaboration with NyxarGroup, claims to have exfiltrated approximately 12 TB of data from Emergia Contact Center and Conalcréditos (a debt collection unit), as well as PLUS CONTACTO SERVICIOS INTEGRALES SL, operated by Albert Ollé, described as one of Spain's wealthiest businessmen.
The actor states the intrusion began by exploiting vulnerabilities in the perimeter through an obsolete Cisco ASA, pivoted into the Fortinet topology connecting Spain (Gran Canaria, Madrid, Córdoba, Catalonia) with Colombia (Bogotá, Medellín, Manizales/Pensilvania, Malambo, Davivienda), and escalated via a public Active Directory password reset portal to gain full control of corporate email (emergiacc) and the GSuite directory.
The actor maintained access until April 7 over two months of active intrusion, claims credentials were never rotated, and is selling the 12 TB dump for $3,000. The actor also alleges the leak originated from an internal source, ****************, formerly of the customer security department, and names CISO ****************, ****************, and **************** as having manipulated the incident narrative.
Post details:
▸ Actor(s): Petro_Escobar (in collaboration with NyxarGroup)
▸ Sector: BPO / Contact Center / Debt Collection
▸ Type: Data Breach / Data Sale
▸ Format: Shared resources, PST files, SFTP files, full backups
▸ Price: $3,000
▸ Records: ~12 TB across 75 compromised clients
▸ Country: Colombia / Spain
▸ Date: 11/05/2026
Compromised data:
▪️ Approximately 12 TB exfiltrated over two months of active intrusion
▪️ Shared internal resources from Emergia infrastructure
▪️ PST email archives
▪️ SFTP file transfers
▪️ Full system backups
▪️ Corporate email accounts (emergiacc)
▪️ GSuite user directory
▪️ Active Directory credentials and Kerberos data
▪️ Cisco ASA and Fortinet VPN configurations spanning Spain and Colombia
▪️ Data from 75 affiliated client companies across multiple sectors
▪️ Spanish services clients
▪️ Conalcreditos clients
▪️ Emergia CC SL clients
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor, in collaboration with NyxarGroup, claims to have exfiltrated approximately 12 TB of data from Emergia Contact Center and Conalcréditos (a debt collection unit), as well as PLUS CONTACTO SERVICIOS INTEGRALES SL, operated by Albert Ollé, described as one of Spain's wealthiest businessmen.
The actor states the intrusion began by exploiting vulnerabilities in the perimeter through an obsolete Cisco ASA, pivoted into the Fortinet topology connecting Spain (Gran Canaria, Madrid, Córdoba, Catalonia) with Colombia (Bogotá, Medellín, Manizales/Pensilvania, Malambo, Davivienda), and escalated via a public Active Directory password reset portal to gain full control of corporate email (emergiacc) and the GSuite directory.
The actor maintained access until April 7 over two months of active intrusion, claims credentials were never rotated, and is selling the 12 TB dump for $3,000. The actor also alleges the leak originated from an internal source, ****************, formerly of the customer security department, and names CISO ****************, ****************, and **************** as having manipulated the incident narrative.
Post details:
▸ Actor(s): Petro_Escobar (in collaboration with NyxarGroup)
▸ Sector: BPO / Contact Center / Debt Collection
▸ Type: Data Breach / Data Sale
▸ Format: Shared resources, PST files, SFTP files, full backups
▸ Price: $3,000
▸ Records: ~12 TB across 75 compromised clients
▸ Country: Colombia / Spain
▸ Date: 11/05/2026
Compromised data:
▪️ Approximately 12 TB exfiltrated over two months of active intrusion
▪️ Shared internal resources from Emergia infrastructure
▪️ PST email archives
▪️ SFTP file transfers
▪️ Full system backups
▪️ Corporate email accounts (emergiacc)
▪️ GSuite user directory
▪️ Active Directory credentials and Kerberos data
▪️ Cisco ASA and Fortinet VPN configurations spanning Spain and Colombia
▪️ Data from 75 affiliated client companies across multiple sectors
▪️ Spanish services clients
▪️ Conalcreditos clients
▪️ Emergia CC SL clients
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇺🇸 Qilin Ransomware Claims Keller Williams Real Estate - Exton County as a Victim
No samples.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
No samples.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ New Dark Web Informer Blog Post!
Title: SAWTAD Allegedly Leaked Exposing 2,211 Files (2.19 GB) of SAW Sensor Diaper Tech R&D and SPMet Metrology Archive
Link: https://darkwebinformer.com/sawtad-allegedly-leaked-exposing-2-211-files-2-19-gb-of-saw-sensor-diaper-tech-r-d-and-spmet-metrology-archive/
Title: SAWTAD Allegedly Leaked Exposing 2,211 Files (2.19 GB) of SAW Sensor Diaper Tech R&D and SPMet Metrology Archive
Link: https://darkwebinformer.com/sawtad-allegedly-leaked-exposing-2-211-files-2-19-gb-of-saw-sensor-diaper-tech-r-d-and-spmet-metrology-archive/
Dark Web Informer
SAWTAD Allegedly Leaked Exposing 2,211 Files (2.19 GB) of SAW Sensor Diaper Tech R&D and SPMet Metrology Archive
A threat actor is selling a full archive described as one of the deepest technical leaks in the field of Surface Acoustic Wave (SAW) sensors and their application in smart diapers (Smart Diaper / Wetness Sensing).
‼️ CB FINANCIAL SERVICES, INC. has filed form 8-k due to a cybersecurity incident
https://www.stocktitan.net/sec-filings/CBFV/8-k-cb-financial-services-inc-reports-material-event-9d71c207862a.html
"On May 5, 2026, Community Bank (the “Bank”), the wholly-owned subsidiary of CB Financial Services, Inc. (the “Company”), became aware of an internal incident involving the handling of certain non‑public customer information using an unauthorized artificial intelligence-based software application. Upon discovery, the Bank promptly took steps to secure the information at issue and initiated an internal investigation with the assistance of external cybersecurity advisors. The investigation into the incident, including the scope and root cause, remains ongoing.
The incident did not involve a disruption to the Bank's operations, customer access to accounts or services, payment systems, or core information technology infrastructure; however, due to the volume and sensitive nature of the non-public information at issue, on May 7, 2026, the Company determined the event to be material. Among the customer information the Bank has determined was disclosed are customer names, social security numbers and dates of birth.
The Company is evaluating the customer data that was affected and is conducting notifications as required by applicable federal and state laws and regulatory guidance. The Company has been, and continues to be, in communication with relevant banking and financial regulators regarding the incident.
The Company has taken, and continues to take, actions designed to contain and remediate the incident. The Company remains committed to protecting its customers' data and is taking measures designed to prevent future similar incidents, including but not limited to, strengthening existing controls, implementing additional controls and enhancing monitoring measures.
As of the date of this disclosure, this incident has not had, and is not expected to have, a material impact on the Company’s consolidated financial condition or results of operations."
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
https://www.stocktitan.net/sec-filings/CBFV/8-k-cb-financial-services-inc-reports-material-event-9d71c207862a.html
"On May 5, 2026, Community Bank (the “Bank”), the wholly-owned subsidiary of CB Financial Services, Inc. (the “Company”), became aware of an internal incident involving the handling of certain non‑public customer information using an unauthorized artificial intelligence-based software application. Upon discovery, the Bank promptly took steps to secure the information at issue and initiated an internal investigation with the assistance of external cybersecurity advisors. The investigation into the incident, including the scope and root cause, remains ongoing.
The incident did not involve a disruption to the Bank's operations, customer access to accounts or services, payment systems, or core information technology infrastructure; however, due to the volume and sensitive nature of the non-public information at issue, on May 7, 2026, the Company determined the event to be material. Among the customer information the Bank has determined was disclosed are customer names, social security numbers and dates of birth.
The Company is evaluating the customer data that was affected and is conducting notifications as required by applicable federal and state laws and regulatory guidance. The Company has been, and continues to be, in communication with relevant banking and financial regulators regarding the incident.
The Company has taken, and continues to take, actions designed to contain and remediate the incident. The Company remains committed to protecting its customers' data and is taking measures designed to prevent future similar incidents, including but not limited to, strengthening existing controls, implementing additional controls and enhancing monitoring measures.
As of the date of this disclosure, this incident has not had, and is not expected to have, a material impact on the Company’s consolidated financial condition or results of operations."
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇫🇷 La Suite Numérique allegedly breached exposing over 18 million records from the French government digital workspace
A threat actor claims to have exfiltrated over 18 million records from La Suite Numérique, the official digital workspace and collaboration suite operated by the French government's Direction Interministérielle du Numérique (DINUM). The actor is selling the data via Telegram and is offering a free sample of up to 5,000 lines on request.
Post details:
▸ Actor(s): exclode
▸ Sector: Government / Digital Services
▸ Type: Data Sale
▸ Format: Not specified
▸ Price: Not disclosed (selling, sample available)
▸ Records: 18,000,000+
▸ Country: France
▸ Date: 11/05/2026
Compromised data:
▪️ Over 18 million records exfiltrated from La Suite Numérique
▪️ Specific field structure not disclosed in the post
▪️ Sample of up to 5,000 lines offered for free on request
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have exfiltrated over 18 million records from La Suite Numérique, the official digital workspace and collaboration suite operated by the French government's Direction Interministérielle du Numérique (DINUM). The actor is selling the data via Telegram and is offering a free sample of up to 5,000 lines on request.
Post details:
▸ Actor(s): exclode
▸ Sector: Government / Digital Services
▸ Type: Data Sale
▸ Format: Not specified
▸ Price: Not disclosed (selling, sample available)
▸ Records: 18,000,000+
▸ Country: France
▸ Date: 11/05/2026
Compromised data:
▪️ Over 18 million records exfiltrated from La Suite Numérique
▪️ Specific field structure not disclosed in the post
▪️ Sample of up to 5,000 lines offered for free on request
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ New Dark Web Informer Blog Post!
Title: KAMS PARIS Allegedly Breached Exposing 187,927 Customer Records From the French Niche Perfumery
Link: https://darkwebinformer.com/kams-paris-allegedly-breached-exposing-187-927-customer-records-from-the-french-niche-perfumery/
Title: KAMS PARIS Allegedly Breached Exposing 187,927 Customer Records From the French Niche Perfumery
Link: https://darkwebinformer.com/kams-paris-allegedly-breached-exposing-187-927-customer-records-from-the-french-niche-perfumery/
Dark Web Informer
KAMS PARIS Allegedly Breached Exposing 187,927 Customer Records From the French Niche Perfumery
A threat actor is selling the customer database of KAMS PARIS, a Parisian niche perfumery founded in 1960 and located at 6 Avenue de l’Opéra, specializing in rare niche perfumes, skincare, and beauty products with delivery across Europe.
‼️ The hacked data of The Gentlemen Ransomware is up for sale for $10K BTC.
https://x.com/DarkWebInformer/status/2053955979499180507
https://x.com/DarkWebInformer/status/2053955979499180507
X (formerly Twitter)
Dark Web Informer (@DarkWebInformer) on X
‼️ The hacked data of The Gentlemen Ransomware is up for sale for $10K BTC.
‼️AIRDC advertised as AI-powered hidden remote desktop control tool for Windows targets
A threat actor is selling AIRDC (AI Remote Desktop Control), a tool marketed as an autonomous Windows bridge that uses a specialized LLM to translate plain-English commands into precise hardware-level inputs on a remote machine.
The actor pitches it as a "Chat-to-Action" engine that lets an operator on a phone or another PC tell the AI agent what to do and watch it navigate the target desktop in real time. The post includes a disclaimer that AIRDC is a tool for developers and automation specialists and that remote access requires proper authorization, though the advertised feature set centers on stealth persistence, kernel-level input injection, and headless background operation. Two tier-based subscriptions are offered with cryptocurrency-only payment.
Post details:
▸ Actor(s): GENERAL DARK
▸ Sector: Offensive Tooling / Remote Access
▸ Type: Tool Sale (AI-driven covert remote control)
▸ Format: Software (Windows agent)
▸ Country: Not specified
▸ Date: 11/05/2026
Service features:
▪️ Chat-to-Action engine: specialized LLM bridge translates conversational intent into hardware-level inputs on the remote desktop
▪️ Conversational Command module: direct chat interface for issuing tasks like file search, email sending, and attachment handling
▪️ Vision Engine: low-latency DXGI Frame Buffer capture with OmniParser mapping UI elements into a real-time coordinate grid
▪️ Control Core: kernel-level raw input via the Interception driver, bypassing software restrictions, with human-mimetic mouse curves
▪️ Deep Analysis: integrated Binary Ninja and Ghidra bridge to read .exe logic when the AI cannot identify a UI element
▪️ Stealth Mode: operates via Session 0 and headless virtual desktops so the AI runs in the background while the main screen stays free
▪️ Natural Language Processing: tasks issued in plain English with no programming required
▪️ Universal Compatibility: claims to work with any Windows application without API, plugins, or hooks
▪️ Autonomous Reasoning: accepts goals such as "find the latest invoice in Outlook and upload it to the CRM" and chains actions independently
▪️ Invisible Persistence: runs as a Protected Process Light (PPL) to stay hidden from standard task managers and system scans
▪️ Encrypted Tunneling: WireGuard and Tailscale integration for direct P2P encrypted connection between operator and agent
▪️ Payment: BTC, LTC, XMR, ETH
▪️ Tagline: "The Elite Autonomous Windows Bridge, See. Reason. Execute."
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is selling AIRDC (AI Remote Desktop Control), a tool marketed as an autonomous Windows bridge that uses a specialized LLM to translate plain-English commands into precise hardware-level inputs on a remote machine.
The actor pitches it as a "Chat-to-Action" engine that lets an operator on a phone or another PC tell the AI agent what to do and watch it navigate the target desktop in real time. The post includes a disclaimer that AIRDC is a tool for developers and automation specialists and that remote access requires proper authorization, though the advertised feature set centers on stealth persistence, kernel-level input injection, and headless background operation. Two tier-based subscriptions are offered with cryptocurrency-only payment.
Post details:
▸ Actor(s): GENERAL DARK
▸ Sector: Offensive Tooling / Remote Access
▸ Type: Tool Sale (AI-driven covert remote control)
▸ Format: Software (Windows agent)
▸ Country: Not specified
▸ Date: 11/05/2026
Service features:
▪️ Chat-to-Action engine: specialized LLM bridge translates conversational intent into hardware-level inputs on the remote desktop
▪️ Conversational Command module: direct chat interface for issuing tasks like file search, email sending, and attachment handling
▪️ Vision Engine: low-latency DXGI Frame Buffer capture with OmniParser mapping UI elements into a real-time coordinate grid
▪️ Control Core: kernel-level raw input via the Interception driver, bypassing software restrictions, with human-mimetic mouse curves
▪️ Deep Analysis: integrated Binary Ninja and Ghidra bridge to read .exe logic when the AI cannot identify a UI element
▪️ Stealth Mode: operates via Session 0 and headless virtual desktops so the AI runs in the background while the main screen stays free
▪️ Natural Language Processing: tasks issued in plain English with no programming required
▪️ Universal Compatibility: claims to work with any Windows application without API, plugins, or hooks
▪️ Autonomous Reasoning: accepts goals such as "find the latest invoice in Outlook and upload it to the CRM" and chains actions independently
▪️ Invisible Persistence: runs as a Protected Process Light (PPL) to stay hidden from standard task managers and system scans
▪️ Encrypted Tunneling: WireGuard and Tailscale integration for direct P2P encrypted connection between operator and agent
▪️ Payment: BTC, LTC, XMR, ETH
▪️ Tagline: "The Elite Autonomous Windows Bridge, See. Reason. Execute."
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ New Dark Web Informer Blog Post!
Title: Daily Dose of Dark Web Informer - May 11th, 2026
Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-11th-2026/
Title: Daily Dose of Dark Web Informer - May 11th, 2026
Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-11th-2026/
Dark Web Informer
Daily Dose of Dark Web Informer - May 11th, 2026
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
‼️🇮🇩 Kementerian Kesehatan Republik Indonesia allegedly leaked exposing 20 million antigen test records from the Indonesian Ministry of Health
A threat actor claims to have leaked a database of 20 million antigen test records linked to Kementerian Kesehatan Republik Indonesia, the Ministry of Health of the Republic of Indonesia.
The CSV sample shows full patient identity data tied to antigen testing performed at health facilities across Indonesia, including national identity numbers (NIC), phone numbers, dates of birth, full addresses with sub-district level detail, and test result status.
Sample entries reference locations such as Jakarta Selatan, BSD Serpong Tangerang Selatan, and dates ranging from 2022 onward.
Post details:
▸ Actor(s): XSVSHACKER
▸ Sector: Government / Healthcare
▸ Type: Data Leak
▸ Format: CSV
▸ Price: Not disclosed
▸ Records: 20,000,000
▸ Country: Indonesia
▸ Date: 11/05/2026
Compromised data:
▪️ Patient ID
▪️ Name
▪️ NIC (national identity number)
▪️ Age
▪️ Phone number
▪️ Address (full street, sub-district, district, province)
▪️ Health facility name
▪️ Citizenship status
▪️ Date of birth
▪️ Test status (e.g., Negative)
▪️ Test date and timestamp
▪️ Facility codes and regional identifiers
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database of 20 million antigen test records linked to Kementerian Kesehatan Republik Indonesia, the Ministry of Health of the Republic of Indonesia.
The CSV sample shows full patient identity data tied to antigen testing performed at health facilities across Indonesia, including national identity numbers (NIC), phone numbers, dates of birth, full addresses with sub-district level detail, and test result status.
Sample entries reference locations such as Jakarta Selatan, BSD Serpong Tangerang Selatan, and dates ranging from 2022 onward.
Post details:
▸ Actor(s): XSVSHACKER
▸ Sector: Government / Healthcare
▸ Type: Data Leak
▸ Format: CSV
▸ Price: Not disclosed
▸ Records: 20,000,000
▸ Country: Indonesia
▸ Date: 11/05/2026
Compromised data:
▪️ Patient ID
▪️ Name
▪️ NIC (national identity number)
▪️ Age
▪️ Phone number
▪️ Address (full street, sub-district, district, province)
▪️ Health facility name
▪️ Citizenship status
▪️ Date of birth
▪️ Test status (e.g., Negative)
▪️ Test date and timestamp
▪️ Facility codes and regional identifiers
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
1🔥1
Media is too big
VIEW IN TELEGRAM
Data theft: Teen arrested over hacking of French government website
Note: This is about the arrest of "breach3d" on a short news clip.
Video Credit: youtube.com/@France24_en
Note: This is about the arrest of "breach3d" on a short news clip.
Video Credit: youtube.com/@France24_en
😭6❤2😈1
Over 800 alerts on the Threat Feed today & it will probably just keep growing.
With that being said im looking into additional notification features that reduce noise & possible alert fatigue for those who want to see everything. I will provide an update to this later this week
With that being said im looking into additional notification features that reduce noise & possible alert fatigue for those who want to see everything. I will provide an update to this later this week
❤2