‼️🇮🇱 Aran Group allegedly breached: internal IT infrastructure and operational data exposed from bag-in-box packaging systems

A threat actor claims to have breached Aran Group, an Israeli industrial liquid packaging company specializing in bag-in-box (BIB) and aseptic packaging solutions for food and beverage markets. The actor alleges the incident affected IT infrastructure across multiple regions and included internal access, operational records, and supporting attachments shared as proof.

▸ Actor: MDGhost
▸ Sector: Industrial Packaging / Manufacturing
▸ Type: Data Breach
▸ Records: Unknown
▸ Country: Israel
▸ Date: 15/05/2026

Compromised data:

▪️ Internal IT infrastructure allegedly linked to Aran Group operations
▪️ Operational data connected to industrial packaging environments
▪️ Access-related materials and internal system references
▪️ Regional infrastructure allegedly spanning Israel, the United States, Germany, and Spain
▪️ Attachments shared by the actor as proof of access
▪️ Company and business operations data tied to bag-in-box packaging services

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇮🇩 @Sorbinfo Perumda Tirta Musi Palembang allegedly breached: 437K customer records and 257K phone numbers exposed from Indonesian water utility data

A threat actor claims to be selling data linked to Perumda Tirta Musi Palembang, the city-owned water utility provider serving customers in Palembang, Indonesia. The actor alleges the exposed dataset contains more than 437,000 customer records and 257,000 phone numbers, including names, addresses, telephone numbers, tariff codes, and other service-related fields.

▸ Actor: Sorb
▸ Sector: Water Utility / Public Services
▸ Type: Database Leak
▸ Records: 437,000+ customer records and 257,000 phone numbers
▸ Country: Indonesia
▸ Date: 13/05/2026

Compromised data:

▪️ Customer database records allegedly linked to Perumda Tirta Musi Palembang
▪️ Customer names and account-related identifiers
▪️ Residential address information
▪️ Telephone and contact number fields
▪️ Tariff code and service classification data
▪️ Additional utility service records tied to water customer accounts

The dataset is described as containing customer information from the Palembang municipal water utility and is being offered for sale on an underground forum.

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇸🇦 Wateen allegedly breached: 180K blood donor records exposed from Saudi Arabia blood donation app database

A threat actor claims to have leaked a database linked to Wateen, the official blood donation mobile application in Saudi Arabia launched in collaboration with the Ministry of Health. The actor alleges the exposed dataset contains 180,438 blood donor records, including donor identity, donation, blood type, and contact-related fields.

▸ Actor: lulzintel
▸ Sector: Healthcare / Blood Donation / Mobile App
▸ Type: Database Leak
▸ Records: 180,438 donor records
▸ Country: Saudi Arabia
▸ Date: 15/05/2026

Compromised data:

▪️ Blood donor records allegedly linked to the Wateen mobile application
▪️ Donor names and identity-related fields
▪️ Blood group and blood type information
▪️ Gender and donation date records
▪️ Donation type and donation status fields
▪️ Mobile number and donor ID-related fields
▪️ Blood bank and blood bag number references

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️@TheGentlemen26 The Gentlemen are allegedly recruiting affiliates: ransomware-as-a-service program and locker tooling advertised on underground forum

A threat actor claims to be promoting The Gentlemen’s RaaS, a ransomware affiliate program targeting access brokers, pentesters, and criminal operators. The post advertises affiliate revenue sharing, victim negotiation control, locker and decryptor tooling, and cross-platform support for enterprise environments.

▸ Actor: hastalamuerte
▸ Sector: Ransomware-as-a-Service / Cybercrime Infrastructure
▸ Type: RaaS Advertisement
▸ Records: Not applicable
▸ Country: Unknown / Global
▸ Date: 15/05/2026

Advertised capabilities:

▪️ Ransomware affiliate program allegedly offering revenue sharing and victim negotiation control
▪️ Locker and decryptor tooling promoted for Windows, Linux, NAS, BSD, and ESXi environments
▪️ Cross-platform support for enterprise and virtualized infrastructure
▪️ Features marketed around selective encryption, network targeting, and automated operation
▪️ Affiliate access requirements involving prepared target data or deposits
▪️ Additional tooling references including EDR-related components, builder access, and multichain pivot support

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇺🇸 Grafana has been claimed a victim to Coinbasecartel
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇻🇪 Movistar Venezuela allegedly breached: 4.15M customer phone records exposed from 2026 telecom database

A threat actor claims to have breached Movistar Venezuela, a major Venezuelan telecommunications provider operated by Telefónica. The actor alleges the exposed dataset contains 4.15 million current phone number records from 2026, including subscriber identifiers, account details, geographic area data, lifecycle status, payment method, and product line information.

▸ Actor: GordonFreeman
▸ Sector: Telecommunications / Mobile Network Operator
▸ Type: Database Leak
▸ Records: 4.15 million customer records
▸ Country: Venezuela
▸ Date: 15/05/2026

Compromised data:

▪️ Customer phone number records allegedly linked to Movistar Venezuela
▪️ Subscriber ID and account number fields
▪️ Billing account number records
▪️ Customer names and identity number fields
▪️ Geographic area and service region data
▪️ Lifecycle status and product line information
▪️ Payment method fields tied to subscriber accounts

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️TeamPCP announces forum co-ownership: platform operations, partnerships, moderation, and resource quality responsibilities outlined

TeamPCP announced its new role as co-owners of the Breached forum platform, stating the team will help manage staffing, partnerships, community decisions, moderation, escrow services, and premium resource access. The post frames the role as focused on platform reliability, community growth, verified content, and maintaining forum standards.

▸ Actor: TeamPCP
▸ Sector: Cybercrime Forum / Community Operations
▸ Type: Forum Announcement
▸ Date: 15/05/2026

Key points:

▪️ TeamPCP announced a co-ownership role within the Breached forum platform
▪️ Responsibilities include infrastructure uptime, staff management, moderation, and dispute handling
▪️ Community growth plans include onboarding partners and expanding access to premium resources
▪️ Resource quality efforts include verifying shared databases and tools
▪️ Low-quality, fake, or malicious content is described as subject to removal
▪️ Members who provide verified material may be rewarded by the platform

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations