‼️An admin on a well-known cybercriminal forum announces CIS data restriction: Russia and multiple CIS-related countries prohibited from breach and document posts
A forum administrator announced a new policy prohibiting activity involving Russia and several CIS-related countries, stating that data breach posts or document leaks targeting the listed countries will no longer be permitted. The administrator warned that violating threads may be deleted and repeat violations may result in bans.
▸ Actor: "John"
▸ Sector: Cybercrime Forum / Policy Announcement
▸ Type: Forum Statement
▸ Records: Not applicable
▸ Country: Russia / CIS Region
▸ Date: 15/05/2026
Affected scope:
▪️ Russia-related breach and document posts prohibited
▪️ Ukraine-related breach and document posts prohibited
▪️ Belarus, Kazakhstan, Azerbaijan, Armenia, Kyrgyzstan, Tajikistan, Uzbekistan, Turkmenistan, Moldova, and Georgia included in the restriction
▪️ Forum users warned that violating threads may be deleted
▪️ Repeat violations may result in account bans
▪️ Policy framed as applying to all activity concerning the listed countries
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A forum administrator announced a new policy prohibiting activity involving Russia and several CIS-related countries, stating that data breach posts or document leaks targeting the listed countries will no longer be permitted. The administrator warned that violating threads may be deleted and repeat violations may result in bans.
▸ Actor: "John"
▸ Sector: Cybercrime Forum / Policy Announcement
▸ Type: Forum Statement
▸ Records: Not applicable
▸ Country: Russia / CIS Region
▸ Date: 15/05/2026
Affected scope:
▪️ Russia-related breach and document posts prohibited
▪️ Ukraine-related breach and document posts prohibited
▪️ Belarus, Kazakhstan, Azerbaijan, Armenia, Kyrgyzstan, Tajikistan, Uzbekistan, Turkmenistan, Moldova, and Georgia included in the restriction
▪️ Forum users warned that violating threads may be deleted
▪️ Repeat violations may result in account bans
▪️ Policy framed as applying to all activity concerning the listed countries
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ The FBI has provided a new Public Service Announcement regarding the ShinyHunters cybercriminal group and their recent attack affecting an online Learning Management System (LMS).
https://www.ic3.gov/PSA/2026/PSA260515
The FBI is providing recommendations on what to do if you are contacted directly by anyone claiming to have your data.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
https://www.ic3.gov/PSA/2026/PSA260515
The FBI is providing recommendations on what to do if you are contacted directly by anyone claiming to have your data.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️ New Dark Web Informer Blog Post!
Title: Ícaro Cloud Allegedly Breached: Firewall Configs, VPN Keys, TLS Certificates, and Internal Network Data Exposed Across 20 Spanish Corporate Networks
Link: https://darkwebinformer.com/icaro-cloud-allegedly-breached-firewall-configs-vpn-keys-tls-certificates-and-internal-network-data-exposed-across-20-spanish-corporate-networks/
Title: Ícaro Cloud Allegedly Breached: Firewall Configs, VPN Keys, TLS Certificates, and Internal Network Data Exposed Across 20 Spanish Corporate Networks
Link: https://darkwebinformer.com/icaro-cloud-allegedly-breached-firewall-configs-vpn-keys-tls-certificates-and-internal-network-data-exposed-across-20-spanish-corporate-networks/
Dark Web Informer
Ícaro Cloud Allegedly Breached: Firewall Configs, VPN Keys, TLS Certificates, and Internal Network Data Exposed Across 20 Spanish…
A threat actor claims to have breached Ícaro Cloud S.L., an Alicante-based managed service provider in Spain, allegedly exposing sensitive configuration data across 20 client networks.
‼️ New Dark Web Informer Blog Post!
Title: Auchan Allegedly Breached: 1.29M Customer Database Entries Exposed from French Retail Records
Link: https://darkwebinformer.com/auchan-allegedly-breached-1-29m-customer-database-entries-exposed-from-french-retail-records/
Title: Auchan Allegedly Breached: 1.29M Customer Database Entries Exposed from French Retail Records
Link: https://darkwebinformer.com/auchan-allegedly-breached-1-29m-customer-database-entries-exposed-from-french-retail-records/
Dark Web Informer
Auchan Allegedly Breached: 1.29M Customer Database Entries Exposed from French Retail Records
A threat actor claims to be selling a fresh database dump linked to Auchan, the French multinational retail group.
‼️ New Dark Web Informer Blog Post!
Title: Stych Allegedly Breached: 1.34M Customer Database Entries Exposed from French Mobility Service Records
Link: https://darkwebinformer.com/stych-allegedly-breached-1-34m-customer-database-entries-exposed-from-french-mobility-service-records/
Title: Stych Allegedly Breached: 1.34M Customer Database Entries Exposed from French Mobility Service Records
Link: https://darkwebinformer.com/stych-allegedly-breached-1-34m-customer-database-entries-exposed-from-french-mobility-service-records/
Dark Web Informer
Stych Allegedly Breached: 1.34M Customer Database Entries Exposed from French Mobility Service Records
A threat actor claims to be selling a fresh database dump linked to Stych, a French driving school and mobility training platform.
‼️🇮🇱 Aran Group allegedly breached: internal IT infrastructure and operational data exposed from bag-in-box packaging systems
A threat actor claims to have breached Aran Group, an Israeli industrial liquid packaging company specializing in bag-in-box (BIB) and aseptic packaging solutions for food and beverage markets. The actor alleges the incident affected IT infrastructure across multiple regions and included internal access, operational records, and supporting attachments shared as proof.
▸ Actor: MDGhost
▸ Sector: Industrial Packaging / Manufacturing
▸ Type: Data Breach
▸ Records: Unknown
▸ Country: Israel
▸ Date: 15/05/2026
Compromised data:
▪️ Internal IT infrastructure allegedly linked to Aran Group operations
▪️ Operational data connected to industrial packaging environments
▪️ Access-related materials and internal system references
▪️ Regional infrastructure allegedly spanning Israel, the United States, Germany, and Spain
▪️ Attachments shared by the actor as proof of access
▪️ Company and business operations data tied to bag-in-box packaging services
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have breached Aran Group, an Israeli industrial liquid packaging company specializing in bag-in-box (BIB) and aseptic packaging solutions for food and beverage markets. The actor alleges the incident affected IT infrastructure across multiple regions and included internal access, operational records, and supporting attachments shared as proof.
▸ Actor: MDGhost
▸ Sector: Industrial Packaging / Manufacturing
▸ Type: Data Breach
▸ Records: Unknown
▸ Country: Israel
▸ Date: 15/05/2026
Compromised data:
▪️ Internal IT infrastructure allegedly linked to Aran Group operations
▪️ Operational data connected to industrial packaging environments
▪️ Access-related materials and internal system references
▪️ Regional infrastructure allegedly spanning Israel, the United States, Germany, and Spain
▪️ Attachments shared by the actor as proof of access
▪️ Company and business operations data tied to bag-in-box packaging services
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇮🇩 @Sorbinfo Perumda Tirta Musi Palembang allegedly breached: 437K customer records and 257K phone numbers exposed from Indonesian water utility data
A threat actor claims to be selling data linked to Perumda Tirta Musi Palembang, the city-owned water utility provider serving customers in Palembang, Indonesia. The actor alleges the exposed dataset contains more than 437,000 customer records and 257,000 phone numbers, including names, addresses, telephone numbers, tariff codes, and other service-related fields.
▸ Actor: Sorb
▸ Sector: Water Utility / Public Services
▸ Type: Database Leak
▸ Records: 437,000+ customer records and 257,000 phone numbers
▸ Country: Indonesia
▸ Date: 13/05/2026
Compromised data:
▪️ Customer database records allegedly linked to Perumda Tirta Musi Palembang
▪️ Customer names and account-related identifiers
▪️ Residential address information
▪️ Telephone and contact number fields
▪️ Tariff code and service classification data
▪️ Additional utility service records tied to water customer accounts
The dataset is described as containing customer information from the Palembang municipal water utility and is being offered for sale on an underground forum.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling data linked to Perumda Tirta Musi Palembang, the city-owned water utility provider serving customers in Palembang, Indonesia. The actor alleges the exposed dataset contains more than 437,000 customer records and 257,000 phone numbers, including names, addresses, telephone numbers, tariff codes, and other service-related fields.
▸ Actor: Sorb
▸ Sector: Water Utility / Public Services
▸ Type: Database Leak
▸ Records: 437,000+ customer records and 257,000 phone numbers
▸ Country: Indonesia
▸ Date: 13/05/2026
Compromised data:
▪️ Customer database records allegedly linked to Perumda Tirta Musi Palembang
▪️ Customer names and account-related identifiers
▪️ Residential address information
▪️ Telephone and contact number fields
▪️ Tariff code and service classification data
▪️ Additional utility service records tied to water customer accounts
The dataset is described as containing customer information from the Palembang municipal water utility and is being offered for sale on an underground forum.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇸🇦 Wateen allegedly breached: 180K blood donor records exposed from Saudi Arabia blood donation app database
A threat actor claims to have leaked a database linked to Wateen, the official blood donation mobile application in Saudi Arabia launched in collaboration with the Ministry of Health. The actor alleges the exposed dataset contains 180,438 blood donor records, including donor identity, donation, blood type, and contact-related fields.
▸ Actor: lulzintel
▸ Sector: Healthcare / Blood Donation / Mobile App
▸ Type: Database Leak
▸ Records: 180,438 donor records
▸ Country: Saudi Arabia
▸ Date: 15/05/2026
Compromised data:
▪️ Blood donor records allegedly linked to the Wateen mobile application
▪️ Donor names and identity-related fields
▪️ Blood group and blood type information
▪️ Gender and donation date records
▪️ Donation type and donation status fields
▪️ Mobile number and donor ID-related fields
▪️ Blood bank and blood bag number references
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database linked to Wateen, the official blood donation mobile application in Saudi Arabia launched in collaboration with the Ministry of Health. The actor alleges the exposed dataset contains 180,438 blood donor records, including donor identity, donation, blood type, and contact-related fields.
▸ Actor: lulzintel
▸ Sector: Healthcare / Blood Donation / Mobile App
▸ Type: Database Leak
▸ Records: 180,438 donor records
▸ Country: Saudi Arabia
▸ Date: 15/05/2026
Compromised data:
▪️ Blood donor records allegedly linked to the Wateen mobile application
▪️ Donor names and identity-related fields
▪️ Blood group and blood type information
▪️ Gender and donation date records
▪️ Donation type and donation status fields
▪️ Mobile number and donor ID-related fields
▪️ Blood bank and blood bag number references
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A company that has an API subscription requested a specific forum to be scraped that is Tor only. I'm testing that functionality now with another forum. Assuming everything works properly I will be onboarding Tor only forums starting next week. Thought I would share.
❤1🔥1
‼️ DOJ Press Release
━━━━━━━━━━━━━━━━━━━━━
Georgia Woman Who Faked Identity of Pregnant Teen to Target Adoptive Parents Sentenced on Cyberstalking and Threat Offenses
Full Press Release → justice.gov
━━━━━━━━━━━━━━━━━━━━━
🕵️ Dark Web Informer • DOJ Monitor
Note: DOJ articles that are not Cyber related will be removed manually.
━━━━━━━━━━━━━━━━━━━━━
Georgia Woman Who Faked Identity of Pregnant Teen to Target Adoptive Parents Sentenced on Cyberstalking and Threat Offenses
Full Press Release → justice.gov
━━━━━━━━━━━━━━━━━━━━━
🕵️ Dark Web Informer • DOJ Monitor
Note: DOJ articles that are not Cyber related will be removed manually.
www.justice.gov
Georgia Woman Who Faked Identity of Pregnant Teen to Target Adoptive
A Georgia woman was sentenced today to 20 months in prison and three years of supervised release for cyberstalking, transmitting threats to kidnap or injure in interstate commerce and identity theft.
‼️@TheGentlemen26 The Gentlemen are allegedly recruiting affiliates: ransomware-as-a-service program and locker tooling advertised on underground forum
A threat actor claims to be promoting The Gentlemen’s RaaS, a ransomware affiliate program targeting access brokers, pentesters, and criminal operators. The post advertises affiliate revenue sharing, victim negotiation control, locker and decryptor tooling, and cross-platform support for enterprise environments.
▸ Actor: hastalamuerte
▸ Sector: Ransomware-as-a-Service / Cybercrime Infrastructure
▸ Type: RaaS Advertisement
▸ Records: Not applicable
▸ Country: Unknown / Global
▸ Date: 15/05/2026
Advertised capabilities:
▪️ Ransomware affiliate program allegedly offering revenue sharing and victim negotiation control
▪️ Locker and decryptor tooling promoted for Windows, Linux, NAS, BSD, and ESXi environments
▪️ Cross-platform support for enterprise and virtualized infrastructure
▪️ Features marketed around selective encryption, network targeting, and automated operation
▪️ Affiliate access requirements involving prepared target data or deposits
▪️ Additional tooling references including EDR-related components, builder access, and multichain pivot support
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be promoting The Gentlemen’s RaaS, a ransomware affiliate program targeting access brokers, pentesters, and criminal operators. The post advertises affiliate revenue sharing, victim negotiation control, locker and decryptor tooling, and cross-platform support for enterprise environments.
▸ Actor: hastalamuerte
▸ Sector: Ransomware-as-a-Service / Cybercrime Infrastructure
▸ Type: RaaS Advertisement
▸ Records: Not applicable
▸ Country: Unknown / Global
▸ Date: 15/05/2026
Advertised capabilities:
▪️ Ransomware affiliate program allegedly offering revenue sharing and victim negotiation control
▪️ Locker and decryptor tooling promoted for Windows, Linux, NAS, BSD, and ESXi environments
▪️ Cross-platform support for enterprise and virtualized infrastructure
▪️ Features marketed around selective encryption, network targeting, and automated operation
▪️ Affiliate access requirements involving prepared target data or deposits
▪️ Additional tooling references including EDR-related components, builder access, and multichain pivot support
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇺🇸 Grafana has been claimed a victim to Coinbasecartel
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔪 Slice For Life - Part 2 🔪
‼️🇺🇸 Eli Lilly allegedly breached: 1.2K internal repositories and 40GB of Veeva Vault documents exposed from drug development and clinical trial systems up for sale for $70K A threat actor claims to have obtained internal codebases belonging to Eli Lilly…
‼️🇺🇸 Offers for the Eli Lilly data are being considered...
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇻🇪 Movistar Venezuela allegedly breached: 4.15M customer phone records exposed from 2026 telecom database
A threat actor claims to have breached Movistar Venezuela, a major Venezuelan telecommunications provider operated by Telefónica. The actor alleges the exposed dataset contains 4.15 million current phone number records from 2026, including subscriber identifiers, account details, geographic area data, lifecycle status, payment method, and product line information.
▸ Actor: GordonFreeman
▸ Sector: Telecommunications / Mobile Network Operator
▸ Type: Database Leak
▸ Records: 4.15 million customer records
▸ Country: Venezuela
▸ Date: 15/05/2026
Compromised data:
▪️ Customer phone number records allegedly linked to Movistar Venezuela
▪️ Subscriber ID and account number fields
▪️ Billing account number records
▪️ Customer names and identity number fields
▪️ Geographic area and service region data
▪️ Lifecycle status and product line information
▪️ Payment method fields tied to subscriber accounts
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have breached Movistar Venezuela, a major Venezuelan telecommunications provider operated by Telefónica. The actor alleges the exposed dataset contains 4.15 million current phone number records from 2026, including subscriber identifiers, account details, geographic area data, lifecycle status, payment method, and product line information.
▸ Actor: GordonFreeman
▸ Sector: Telecommunications / Mobile Network Operator
▸ Type: Database Leak
▸ Records: 4.15 million customer records
▸ Country: Venezuela
▸ Date: 15/05/2026
Compromised data:
▪️ Customer phone number records allegedly linked to Movistar Venezuela
▪️ Subscriber ID and account number fields
▪️ Billing account number records
▪️ Customer names and identity number fields
▪️ Geographic area and service region data
▪️ Lifecycle status and product line information
▪️ Payment method fields tied to subscriber accounts
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations