‼️🇻🇪 Ridery allegedly breached: 11,929 driver records exposed from the leading Venezuelan ride-hailing mobility app
A threat actor is sharing a confidential driver database from Ridery, the leading mobility app in Venezuela launched in 2021 that connects users with certified drivers for rides in cars, motorcycles, or vans across 11 states and 13 cities under a collaborative economy model.
The dump contains 11,929 driver records totaling 4GB compressed, published in JSON format with accompanying JPG driver photos. The sample displays an admin panel view exposing full driver identity records, contact numbers, home addresses in Caracas and surrounding areas, vehicle details, and licence plates.
▸ Actor: malconguerra2 (VIP)
▸ Sector: Mobility / Ride-Hailing
▸ Type: Data Leak
▸ Format: JSON + JPG (4GB compressed)
▸ Records: 11,929 drivers
▸ Country: Venezuela
▸ Date: 13/05/2026
Compromised data:
▪️ Driver full name
▪️ Driver photo (per-driver JPG file)
▪️ Phone number
▪️ Home address (street, building, apartment, district, postal zone, city)
▪️ Vehicle description (e.g., Carro, motorcycle, van)
▪️ Vehicle brand (e.g., Ikco)
▪️ Vehicle model (e.g., Tara, Dena)
▪️ Vehicle licence plate
▪️ Admin panel records ("RYD — Conductores") tied to the driver registry
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffer overflow in NGINX's ngx_http_rewrite_module introduced in 2008
GitHub: https://github.com/depthfirstdisclosures/nginx-rift
Ars Technica did an article on the two twin brothers who wiped a ton of databases minutes after being fired.
https://arstechnica.com/tech-policy/2026/05/drop-database-what-not-to-do-after-losing-an-it-job/
Ars Technica
Twin brothers wipe 96 gov't databases minutes after being fired
A case study in why credentials are revoked before firings.
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: Murray County
Domain: murraycountyga.org
Country: 🇺🇸 US
Date: May 13th, 2026
Summary:
A cyberattack resulted in the closure of several Murray County government offices in Georgia, affecting tax and judicial services. However, authorities confirmed that emergency services (911), public safety, and primary voting are continuing normally. County officials did not specify the exact nature of the attack, whether any data was compromised, or when the closed offices will reopen.
Source: https://dysruptionhub.com/murray-georgia-cyberattack-offices/
DysruptionHub
Murray County, Georgia cyberattack closes county offices
Murray County, Georgia, says a cyberattack closed tax and court offices while 911, public safety and voting continue.
‼️🇺🇸 McKissock and Colibri Real Estate allegedly breached: 3,395,138 customer records exposed from the US professional licensing education provider with extortion threat
A threat actor claims to have identified an accessible dataset exposing sensitive customer data from McKissock, a US online professional licensing and continuing education provider for real estate, appraisal, and related industries.
The actor states the issue also impacts third-party platforms integrated through shared API infrastructure and partner integrations, with Colibri Real Estate and other affiliated partners using the same backend services confirmed to be affected. The actor warns that the database will be publicly posted via Telegram within 7 days if no agreement is reached.
▸ Actor: deathwatch
▸ Sector: Education / Professional Licensing / Real Estate Training
▸ Type: Data Breach with Extortion Threat
▸ Records: 3,395,138 customer records
▸ Country: United States
▸ Deadline: 7 days from post for an agreement
▸ Date: 13/05/2026
Compromised data:
▪️ Student ID, user name, first name, middle initial, last name, suffix, date of birth
▪️ Email address (primary and alternate)
▪️ Address 1, address 2, city, state
▪️ Daytime phone, evening phone, fax
▪️ NetSuite ID, student type
▪️ Account types including Student Account and Test Account
▪️ Sample entries reference users across Alabama, Pennsylvania, Washington, Virginia, New Mexico, New York, Louisiana, South Dakota, Illinois, Texas, and other US states
▪️ Migration ID, SSN, Driver's License number
▪️ Country, last 4 digits of payment card
▪️ Over 300 employee records containing PII (email, name, age, date of birth, address, relation)
▪️ Payment information for 500,000+ students including transaction IDs, amount due, and last 4 of the card used
▪️ Thousands of student documents including AAU transcripts, high school transcripts, medical certificates, medical transcripts, real estate certificates, certificates from 2015 through 2021, contact tracker hours, financial records, and UnderSelfAssigned records
▪️ Third-party data shared via API integration with Colibri Real Estate and other affiliated partners
‼️🇫🇷 École Française de Comptabilité allegedly breached: 41 GB and 60,683 student, teacher, and bank documents exposed from the French distance learning institution
A threat actor is selling 41 GB of data totalling 60,683 PDF files allegedly exfiltrated from the École Française de Comptabilité (EFC), a French private distance learning institution founded in 1945 and based in Lyon, specializing in accounting, payroll, human resources, law, and real estate training.
The dump reportedly contains student documents, teacher documents, bank documents, certificates, invoices, and other identity and financial paperwork. Sample images show payslips, RIB bank statements (Monabanq), employer attestations, and EFC-issued enrolment documents including French postal RIP forms tied to a Paris address.
▸ Actor: ChimeraZ
▸ Sector: Education / Distance Learning / Professional Training
▸ Type: Data Sale
▸ Format: PDF (60,683 files, 41 GB total)
▸ Records: 60,683 documents
▸ Country: France
▸ Date: 13/05/2026
Compromised data:
▪️ Student documents (enrolment forms, identity records, course records)
▪️ Teacher documents
▪️ Bank documents including RIB statements (Monabanq and others)
▪️ Certificates and attestations
▪️ Invoices
▪️ Employer salary attestations
▪️ EFC enrolment and contract documents
▪️ Postal RIP (Relevé d'Identité Postal) forms tied to La Poste accounts
▪️ IBAN and BIC identifiers visible in sample documents
▪️ Full names, postal addresses (including Paris), and dates of birth
▪️ Bank domiciliation details
‼️ New Dark Web Informer Blog Post!
Title: mutreasury Allegedly Breached: Admin Credentials and API Keys Exposed From the Egyptian University Payment Gateway Covering 28+ Universities, Sold With a Zero-Day Vulnerability
Link: https://darkwebinformer.com/mutreasury-allegedly-breached-admin-credentials-and-api-keys-exposed-from-the-egyptian-university-payment-gateway-covering-28-universities-sold-with-a-zero-day-vulnerability/
A threat actor is selling a database from mutreasury, the centralized payment gateway connecting more than 28 Egyptian universities for tuition, application fees, and other student payments.
🔪 Slice For Life - Part 2 🔪
‼️ New Ransomware Group and IP Leak: CMD Organization
Clearnet: cmdofficial[.]com
IP: 209[.]99[.]186[.]211
Onion: http://cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd[.]onion
‼️ Some open links to scammers CMD Organization:
Screenshot 1: http://cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd[.]onion/templates/index.html
Screenshot 2: http://cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd[.]onion/templates/base.html
‼️🇸🇦 Thmanyah allegedly breached: 107,084 subscriber emails and a Bitmovin license key exposed from the leading Arabic podcast and media-tech platform
A threat actor is selling a database from Thmanyah, the Saudi media-tech company founded in 2016 in Riyadh and majority-owned by Saudi Research and Media Group (SRMG), which operates the largest Arabic podcast network in the Middle East and North Africa and holds the Guinness World Record for the most-viewed podcast episode on YouTube.
The actor states the breach exposed 107,084 subscriber emails along with a Bitmovin video-streaming LICENSE key embedded in the dump. The sample shows internal admin accounts on the thmanyah[.]com domain, user join dates from 2024, language and category preferences across Documentary, Science Fiction, True Crime, Food, and Relationships content, plus Apple Podcasts category mappings and translation metadata.
▸ Actor: lulzintel (GOD User)
▸ Sector: Media / Podcast Platform / Tech
▸ Type: Data Sale (paywalled, 6 forum points)
▸ Records: 107,084 subscriber emails + Bitmovin LICENSE key
▸ Country: Saudi Arabia
▸ Date: 14/05/2026
Compromised data:
▪️ Subscriber email addresses (107,084 records)
▪️ User ID
▪️ Account approval flag (is_approved)
▪️ Join date
▪️ Language preference (lang, e.g., "en", "ar")
▪️ Name
▪️ Question fields (q7, q4_2, q5, q6, q1, q2_2, q8, q3, q3_str)
▪️ Interests array (e.g., "google_podcast")
▪️ VUE_APP_BITMOVIN_LICENSE_KEY (included in the file)
▪️ Internal Thmanyah staff accounts visible in sample
▪️ Waitlist IDs and category mappings to Apple Podcasts taxonomy (Documentary, Science Fiction, True Crime, Food, Relationships)
▪️ Translation pairs (Arabic and English) for category names
▪️ Listen/yes flags, device type (e.g., android), age ranges (e.g., 20+, 4_8)
🔪 Slice For Life - Part 2 🔪
‼️ Some open links to scammers CMD Organization: Screenshot 1: http://cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd[.]onion/templates/index.html Screenshot 2: http://cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd[.]onion/templates/base.html
Simpler way to flood.
Screenshot 3: http://cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd[.]onion/templates/_bid_modal.html
Screenshot 4: http://cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd[.]onion/templates/_contact_modal.html
‼️🇺🇸 CoreWeave allegedly breached: full infrastructure access claimed against the US GPU cloud provider that powers OpenAI workloads
A threat actor claims to have pulled full infrastructure access from CoreWeave, the US-based GPU cloud provider that went public in 2025 with revenue exceeding $500 million and is one of the primary compute providers for OpenAI workloads.
The actor describes the access as wide open with zero authentication required, stating they cannot determine whether the exposure represents gross negligence or a honeypot. The claimed access spans multiple internal notebook servers with root shells across regions, full cloud account credentials, the central monitoring stack, customer data storage, internal infrastructure topology, and long-term persistence mechanisms. The post is currently unverified.
▸ Actor: macaroni
▸ Sector: Cloud Computing / GPU Infrastructure / AI Compute
▸ Type: Infrastructure Access Claim (unverified)
▸ Records: Full infrastructure access claim, no record count specified
▸ Country: United States
▸ Date: 13/05/2026
Compromised data:
▪️ Multiple internal notebook servers with root shells across multiple regions
▪️ Cloud account credentials and data access roles, including permanent IAM keys with sts:AssumeRole and temporary keys from 4 accounts
▪️ Central monitoring dashboard with full Grafana admin access, every dashboard, Loki logs, Prometheus metrics, and live GPU telemetry
▪️ Customer data storage including S3 buckets, EBS snapshots, and workload logs reportedly containing personal and financial records
▪️ Internal infrastructure topology including Kubernetes API, Docker registry, Jenkins, ArgoCD, PostgreSQL, and Redis (no authentication), with a full network map
▪️ Long-term persistence including deployed SSH keys, backdoor user accounts, and identified IAM persistence paths
‼️🇮🇹 KRIA S.r.l. allegedly breached: 2.03 GB of speed and red-light enforcement data exposed from the Italian traffic monitoring technology vendor
A threat actor is selling a 2.03 GB dump allegedly exfiltrated from KRIA S.r.l., the Italian traffic enforcement technology company based in Seregno that manufactures the T-EXSPEED speed measurement system and T-REDSPEED red-light violation detection system used by Italian municipalities and traffic police.
The dump covers data from 2021 through 2026 and includes the full T-EXSPEED and T-REDSPEED software suite, complete MySQL databases of recorded violations, raw photos and videos from installations across Italian municipalities including Vicenza, Gemonio (VA), and Besozzo, along with device configurations, server credentials, and technical documentation. Sample evidence shows red-light violation records from Via San Vitale 3, Seregno, including timestamped vehicle plate captures and frame-by-frame imagery from system ID 441.
▸ Actor: prtsc
▸ Sector: Government Technology / Traffic Enforcement / Public Safety
▸ Type: Data Sale
▸ Format: Mixed (software binaries, MySQL dumps, photos, videos, configs)
▸ Records: 2.03 GB covering 2021 through 2026
▸ Price: 1,500 USDT
▸ Country: Italy
▸ Date: 12/05/2026
Compromised data:
▪️ T-EXSPEED software (original installer plus backups and install files)
▪️ T-REDSPEED software (original installer plus backups and install files)
▪️ Complete MySQL database covering events, violations, plates, statistics, whitelist, blacklist, and reports
▪️ Real speed and red-light violation records logged by deployed cameras
▪️ Original photos and videos from Italian installations, including Vicenza, Gemonio (VA), and other municipalities
▪️ Camera configurations, calibration files, and project settings
▪️ Device list and server credentials
▪️ Hardware information and inventory
▪️ Technical documents and internal reports