‼️🌐 District Health Information Software (DHIS2) allegedly breached: access shared to national health systems across more than 30 countries serving 3.2 billion people

A threat actor is sharing access touching the District Health Information Software (DHIS2) instances of more than 30 national ministries of health.

DHIS2 is the world's largest open-source health management information system (HMIS) platform, used by over 75 countries to manage data for 3.2 billion people, supporting national health information systems, disease surveillance, vaccine tracking, and supply logistics.

The actor states the affected systems are the main administrative data of record for monitoring public health services, tracking case-based epidemics, outbreak responses, and immunization programs, and include WHO-configured metadata packages for HIV, TB, and Malaria.

▸ Actor: Keymous
▸ Sector: Government / Public Health Information Systems
▸ Type: Access / Data Breach
▸ Records: National HMIS platforms covering more than 30 countries
▸ Countries: Burundi, Eritrea, Ethiopia, Kenya, Rwanda, Tanzania, Uganda, Zambia, Zanzibar, Benin, Burkina Faso, Ghana, Guinea, Liberia, Mali, Mauritania, Niger, Nigeria, Senegal, Sierra Leone, Cameroon, Chad, Equatorial Guinea, Botswana, Eswatini, Lesotho, Madagascar, Malawi, Mauritius, Mozambique, Namibia, Bangladesh, Bhutan, Nepal, Sri Lanka, Cambodia, Myanmar, Costa Rica, El Salvador, Guatemala, Honduras, Nicaragua, Panama (additionally listed as under check: Morocco, Iraq, Lebanon)

Compromised data:

▪️ Main administrative data of record for national public health services
▪️ Case-based epidemic monitoring and outbreak response data
▪️ Immunization program data
▪️ WHO-configured metadata packages for HIV
▪️ WHO-configured metadata packages for TB (Tuberculosis)
▪️ WHO-configured metadata packages for Malaria
▪️ Disease surveillance feeds
▪️ Vaccine tracking data
▪️ Supply logistics records
▪️ Access touching the ministries of health for Honduras, Bhutan, Mozambique, Sierra Leone, Liberia, Nigeria, and other countries listed above

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇫🇷 Thales Group allegedly breached: 6,400 user records exposed from the French defense, aerospace, and digital identity multinational

A threat actor is leaking a database described as belonging to Thales Group, the French multinational covering defense, aerospace, space, transport, and digital identity and security. The dataset is published as an 85 MB JSON file containing 6,400 records with entitlements including SIGNER, WATCHER, and GDPR roles.

▸ Actor: ChimeraZ
▸ Sector: Defense / Aerospace / Digital Identity and Security
▸ Type: Data Leak
▸ Format: JSON (85 MB)
▸ Records: 6,400
▸ Country: France (sample tenant LuxTrust based in Luxembourg)
▸ Date: 12/05/2026

Compromised data:
▪️ User ID
▪️ Tenant ID and tenant name (e.g., LuxTrust)
▪️ Entitlement names (SIGNER, WATCHER, GDPR)
▪️ Directory alias and directories list (default-directory, external-people)
▪️ Enrolled flag
▪️ Account status (ENABLED)
▪️ Circle, circle modifiable, and circle reentrant flags
▪️ Placeholder flag
▪️ User ID and email address
▪️ First name (firstName) and last name (lastName)
▪️ Phone number
▪️ Organisation details (organisationId, businessId, name)
▪️ Attributes and attributesV2 fields (key, value, type, readOnly, hidden)
▪️ Locale code (e.g., FR)
▪️ Format, creator, circleScope, circleTargetId
▪️ Authentication provider codes (authProviderCodes)
▪️ Outer ID

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️LibrePass allegedly advertised as anonymous company registration, offshore incorporation, and crypto license service operating since 2012

A threat actor operating under the alias LibrePass is selling worldwide company registration, offshore incorporation, and cryptocurrency license services with no background checks or verification required, full nominee service, and anonymity guaranteed.

The service offers shell company setup across more than 60 jurisdictions, including options to open online offices and corporate bank accounts, file annual reports to maintain the companies, and obtain crypto licenses required to legally run exchanges, trading platforms, or purchase Facebook and Twitter ads.

The seller claims to have operated since 2012 with reviews on other forums.

▸ Actor: LibrePass
▸ Sector: Anonymous Incorporation / Offshore / Crypto Licensing
▸ Type: Service Advertisement (money-laundering infrastructure)
▸ Price: From $900 USD for shell companies up to €27,500 for full EU entities, plus crypto licenses from 24,500 to 37,750 EUR
▸ Country: Worldwide (60+ jurisdictions)
▸ Date: 12/05/2026

Service features:

Standard company registration (no verification, nominee service, optional corporate bank account):

▪️ England: $1,250, 2 to 4 days
▪️ Australia: $1,650, 3 to 6 days
▪️ USA (various states): from $2,200, 1 to 5 days
▪️ Hong Kong: $2,300, 3 to 7 days
▪️ Scotland: $900, 2 to 4 days
▪️ Wales: $1,100, 2 to 4 days
▪️ Northern Ireland (GB): $1,500, 2 to 4 days
▪️ Ireland (IE): $5,500, 10 to 15 days
▪️ Canada: $5,200, 10 to 15 days
▪️ New Zealand: $4,500, 2 to 4 days
▪️ Costa Rica: $6,000, 14 to 21 days
▪️ UAE (2 emirates): $12,500, 14 to 21 days
▪️ Singapore: $6,900, 10 to 15 days
▪️ South Africa: $4,200, 10 to 15 days
▪️ Marshall Islands: $5,500, 10 to 15 days
▪️ Panama: $6,200, 14 to 21 days

Europe with authorized capital (processing 2 months or more):

▪️ Luxembourg: €27,500
▪️ Spain: €21,500
▪️ France (SARL): €17,500
▪️ Germany (GmbH): €18,000 + €25,000 minimum authorized capital
▪️ Sweden (A.B.): €15,000 + €25,000 minimum authorized capital
▪️ Romania (SRL): €7,750
▪️ Netherlands (Dutch BV): €21,500
▪️ Liechtenstein: €23,500 + €20,000 minimum share capital
▪️ Switzerland (GmbH): 27,500 CHF + 20,000 CHF minimum share capital

Offshore jurisdictions (no public registry):

▪️ Samoa: 3,500
▪️ Labuan: 11,500
▪️ Vanuatu: 4,500
▪️ Vietnam: 14,000
▪️ Cyprus: 5,500
▪️ Gibraltar: 7,500
▪️ Malta: 7,800
▪️ Anguilla: 3,200
▪️ The Bahamas: 5,800
▪️ Saint Vincent and the Grenadines: 2,800
▪️ Nevis: 4,500
▪️ Mauritius: 9,000
▪️ BVI: 2,700
▪️ Cayman Islands: 6,500
▪️ Seychelles: 2,800

Crypto licenses (company plus license to legally operate exchanges, trading platforms, crypto startups, and purchase ads):

▪️ Poland: €24,500
▪️ Czech Republic: €37,750
▪️ Lithuania: €34,500
▪️ Bulgaria: €28,000
▪️ Georgia: €27,750

US SEC EDGAR registration:

▪️ Includes US company registration, EDGAR filing, and SEC notification
▪️ Timeline: 4 to 5 weeks
▪️ Requires a US company (registration available) plus $25,000
▪️ Guarantor service available at buyer's expense
▪️ EU nominee companies available from $4,500 for corporate account opening

Add-ons and policies:

▪️ +$800 for paid-in authorized capital up to $1 billion
▪️ +$6,500 for full nominee service in some jurisdictions
▪️ Annual report filing and company renewal handled by the seller
▪️ No day-to-day accounting handled

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

I am testing some new notification features on the threat feed to reduce excessive noise and alert fatigue. These and maybe 1 or 2 more will be available either on Friday or Saturday once I have had enough time to test and resolve some UI and UX issues. Settings continue to save to your localstorage in your browser.

‼️🇬🇷 Municipality of Agrinio allegedly breached: 28 databases exposed via SQL injection on the Greek local government portal

A threat actor is sharing the results of an SQL injection attack against the Municipality of Agrinio, the largest city in the Aetolia-Acarnania regional unit of Western Greece, with a population of approximately 90,000.

Using sqlmap, the actor leveraged boolean-based, error-based, and time-based blind injection techniques on the login form to reach the back-end MySQL database (MySQL ≥ 5.1) running behind a PHP and Apache stack, and enumerated 28 available databases tied to municipal services and elections.

▸ Actor: justscyprus
▸ Sector: Government / Municipal Administration
▸ Type: SQL Injection / Data Breach
▸ Records: 28 enumerated databases
▸ Country: Greece
▸ Date: 13/05/2026

Compromised data:

▪️ Back-end DBMS: MySQL ≥ 5.1
▪️ Web application stack: PHP, Apache
▪️ Injection vector: login form, parameter "username" via POST
▪️ Confirmed injection types: boolean-based blind (WHERE/HAVING), error-based (EXTRACTVALUE), time-based blind (SLEEP)
▪️ Citizen registry database (dimotologio) referenced in the enumeration
▪️ Backup database (mp-agrinio_backup) referenced in the enumeration
▪️ Output logged to local sqlmap output directory under /agrinio.gov.gr/

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations