Simpler way to flood.

Screenshot 3: http://cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd[.]onion/templates/_bid_modal.html

Screenshot 4: http://cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd[.]onion/templates/_contact_modal.html

‼️🇺🇸 CoreWeave allegedly breached: full infrastructure access claimed against the US GPU cloud provider that powers OpenAI workloads

A threat actor claims to have pulled full infrastructure access from CoreWeave, the US-based GPU cloud provider that went public in 2025 with revenue exceeding $500 million and is one of the primary compute providers for OpenAI workloads.

The actor describes the access as wide open with zero authentication required, stating they cannot determine whether the exposure represents gross negligence or a honeypot. The claimed access spans multiple internal notebook servers with root shells across regions, full cloud account credentials, the central monitoring stack, customer data storage, internal infrastructure topology, and long-term persistence mechanisms. The post is currently unverified.

▸ Actor: macaroni
▸ Sector: Cloud Computing / GPU Infrastructure / AI Compute
▸ Type: Infrastructure Access Claim (unverified)
▸ Records: Full infrastructure access claim, no record count specified
▸ Country: United States
▸ Date: 13/05/2026

Compromised data:

▪️ Multiple internal notebook servers with root shells across multiple regions
▪️ Cloud account credentials and data access roles, including permanent IAM keys with sts:AssumeRole and temporary keys from 4 accounts
▪️ Central monitoring dashboard with full Grafana admin access, every dashboard, Loki logs, Prometheus metrics, and live GPU telemetry
▪️ Customer data storage including S3 buckets, EBS snapshots, and workload logs reportedly containing personal and financial records
▪️ Internal infrastructure topology including Kubernetes API, Docker registry, Jenkins, ArgoCD, PostgreSQL, and Redis (no authentication), with a full network map
▪️ Long-term persistence including deployed SSH keys, backdoor user accounts, and identified IAM persistence paths

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇮🇹 KRIA S.r.l. allegedly breached: 2.03 GB of speed and red-light enforcement data exposed from the Italian traffic monitoring technology vendor

A threat actor is selling a 2.03 GB dump allegedly exfiltrated from KRIA S.r.l., the Italian traffic enforcement technology company based in Seregno that manufactures the T-EXSPEED speed measurement system and T-REDSPEED red-light violation detection system used by Italian municipalities and traffic police.

The dump covers data from 2021 through 2026 and includes the full T-EXSPEED and T-REDSPEED software suite, complete MySQL databases of recorded violations, raw photos and videos from installations across Italian municipalities including Vicenza, Gemonio (VA), and Besozzo, along with device configurations, server credentials, and technical documentation. Sample evidence shows red-light violation records from Via San Vitale 3, Seregno, including timestamped vehicle plate captures and frame-by-frame imagery from system ID 441.

▸ Actor: prtsc
▸ Sector: Government Technology / Traffic Enforcement / Public Safety
▸ Type: Data Sale
▸ Format: Mixed (software binaries, MySQL dumps, photos, videos, configs)
▸ Records: 2.03 GB covering 2021 through 2026
▸ Price: 1,500 USDT
▸ Country: Italy
▸ Date: 12/05/2026

Compromised data:

▪️ T-EXSPEED software (original installer plus backups and install files)
▪️ T-REDSPEED software (original installer plus backups and install files)
▪️ Complete MySQL database covering events, violations, plates, statistics, whitelist, blacklist, and reports
▪️ Real speed and red-light violation records logged by deployed cameras
▪️ Original photos and videos from Italian installations, including Vicenza, Gemonio (VA), and other municipalities
▪️ Camera configurations, calibration files, and project settings
▪️ Device list and server credentials
▪️ Hardware information and inventory
▪️ Technical documents and internal reports

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇮🇶 Iraqi Ministry of Interior allegedly breached: 2025-2026 census data exposed from the Iraqi government civil registry and vehicle registration systems

A threat actor is selling Iraq's 2025-2026 census data, sourced from the Iraqi Ministry of Interior's Directorate of General Nationality and Central Information Office. The sample images show official Iraqi civil status identity cards, vehicle registration licences (with MRZ data), and family registry record cards, alongside structured digital records covering civil identity, vehicle registration, and family lineage data tied to specific governorates including Erbil, Sulaymaniyah (Kifri district), and Khabat.

▸ Actor: OxO (VIP)
▸ Sector: Government / Civil Registry / Vehicle Registration
▸ Type: Data Sale
▸ Records: 2025-2026 Iraqi census records
▸ Country: Iraq
▸ Date: 14/05/2026

Compromised data:

Civil Identity (Official Civil Status Identity, Iraq):

▪️ Full name (Arabic and English)
▪️ Alias
▪️ ID type and ID number
▪️ Citizenship status (e.g., "Displaced Iraqi")
▪️ Mobile phone number
▪️ Workplace (e.g., Ministry of Education)
▪️ Gender
▪️ Marital status
▪️ Birth date
▪️ Province (e.g., Erbil)
▪️ District (e.g., Khabat)
▪️ Vaccination centre (e.g., BAHRKA CAMP)
▪️ Emergency contact number

Vehicle Registration (Ministry of Interior, Iraq Licence):

▪️ Name in English and Arabic
▪️ Licence number
▪️ Issue date and expiry date
▪️ VIN code
▪️ National ID reference
▪️ Additional ID
▪️ Gender

Family Registry:

▪️ Family number
▪️ Province (e.g., Sulaymaniyah)
▪️ Location (e.g., maternity hospital, Kifri district)
▪️ Sub-district (e.g., Kifri)
▪️ Full names of family members
▪️ Dates of birth for each member spanning multiple generations (samples from 1945 through 1988)
▪️ Governorate of registration

Physical document samples:

▪️ Republic of Iraq Vehicle Registration Licence cards
▪️ Ministry of Interior civil identity cards with MRZ
▪️ Family member information record cards from the Directorate of General Nationality

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇬🇹 Guatemalan Ministry of Finance allegedly breached: 130,000 RGAE registrations and 235,000 sensitive PDFs (324.5GB) exposed via IDOR and unauthenticated APIs

A threat actor claims to have compromised the Registro General de Adquisiciones del Estado (RGAE) system operated by the Guatemalan Ministry of Finance (Ministerio de Finanzas Públicas), the official state procurement registry.

The actor describes the breach as part of an ongoing "digital siege" against Guatemala, citing critical IDOR/BOLA vulnerabilities at /api/Solicitud/ObtenerSecciones and two open APIs without any security, including one connected to the Superintendencia de Administración Tributaria (SAT) at /api/sat/email.

The actor states that despite Cloudflare and a WAF being in place, the extraction was performed by simulating real traffic from ordinary web users to avoid alerting the system, allowing 130,000 registration records from 2020 to 2026 to be extracted, alongside 235,000 sensitive PDF documents totalling 324.5 GB.

A proof-of-concept 5,000-row CSV sample and a 200-PDF preview have been published.

▸ Actor: GordonFreeman (VIP), branded "LAT4MFUCK3RS"
▸ Sector: Government / Public Procurement / Finance
▸ Type: Data Breach (IDOR/BOLA, unauthenticated APIs)
▸ Records: 130,000 registrations + 235,000 PDFs (324.5 GB)
▸ Country: Guatemala
▸ Date: 14/05/2026

Compromised data:

Registration records (130,000 rows, 2020-2026):

▪️ ID
▪️ NIT (Guatemalan tax identification number)
▪️ CUI (Código Único de Identificación)
▪️ Nombre (full name)
▪️ Direccion (address)
▪️ Telefono (phone number)
▪️ Correo (email address)
▪️ Tipo_Org (organization type, Individual or Juridica)

PDF documents (235,000 files, 324.5 GB):

▪️ University degrees and diplomas
▪️ Ministry of Education teaching titles
▪️ SAT invoices (Facturas)
▪️ Negotiation minutes and articles of incorporation
▪️ Sports minutes (actas)
▪️ Simple agreements
▪️ Notarial acts (Protocolos with Diez Quetzales registry stamps)
▪️ Balance sheets
▪️ Bank certifications
▪️ Administrative contracts
▪️ Signed affidavits
▪️ Tax solvency certificates
▪️ Commercial patents
▪️ Scanned DPIs
▪️ Constitution of Sociedad Anónima documents

Vulnerability details:

▪️ IDOR/BOLA
▪️ Unauthenticated SAT API
▪️ Second unauthenticated API hosting all persons registered in RGAE
▪️ Cloudflare and WAF in place but bypassed via traffic simulation

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations