π¨π«π· Norauto allegedly breached: 522MB customer database exposed from French automotive service records
A threat actor claims to have leaked a database tied to Norauto, a European automotive service and equipment company specializing in car maintenance, repairs, tire fitting, auto parts, and accessories.
ββββββββββββββββββββ
Target: Norauto
Sector: Automotive Services / Retail / Customer Data
Incident: Database Leak
Exposure: 522MB
Actor: shitanus
Country: France
Date: 16/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Customer database records allegedly linked to Norauto
βͺοΈ Customer names and profile identifiers
βͺοΈ Email addresses and phone number fields
βͺοΈ Address records including city, country, and postal code fields
βͺοΈ Customer ID and account-related metadata
βͺοΈ Antifraud scoring and validation status fields
βͺοΈ Custom customer fields referencing loyalty and identity-related labels
βͺοΈ Rental or store-related account activity metadata
Potential impact:
The exposed data could be used for phishing, customer impersonation, loyalty fraud, targeted scams, and social engineering against Norauto customers.
Status:
Unverified underground forum claim. The actor posted structured JSON samples and claims the download is locked behind paid forum access.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database tied to Norauto, a European automotive service and equipment company specializing in car maintenance, repairs, tire fitting, auto parts, and accessories.
ββββββββββββββββββββ
Target: Norauto
Sector: Automotive Services / Retail / Customer Data
Incident: Database Leak
Exposure: 522MB
Actor: shitanus
Country: France
Date: 16/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Customer database records allegedly linked to Norauto
βͺοΈ Customer names and profile identifiers
βͺοΈ Email addresses and phone number fields
βͺοΈ Address records including city, country, and postal code fields
βͺοΈ Customer ID and account-related metadata
βͺοΈ Antifraud scoring and validation status fields
βͺοΈ Custom customer fields referencing loyalty and identity-related labels
βͺοΈ Rental or store-related account activity metadata
Potential impact:
The exposed data could be used for phishing, customer impersonation, loyalty fraud, targeted scams, and social engineering against Norauto customers.
Status:
Unverified underground forum claim. The actor posted structured JSON samples and claims the download is locked behind paid forum access.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
π¨π°πͺ Land Surveyors Board of Kenya allegedly breached: licensed surveyor and assistant records exposed from government regulatory database
A threat actor claims to have breached the Land Surveyors Board of Kenya, the official Kenyan government regulatory body responsible for licensing land surveyors across the Republic of Kenya.
ββββββββββββββββββββ
Target: Land Surveyors Board of Kenya
Sector: Government / Professional Licensing / Land Surveying
Incident: Data Breach
Exposure: 175 licensed surveyors and 730 approved survey assistants
Actor: cc5ab
Country: Kenya
Date: 16/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Licensed surveyor records for the 2026 licensing year
βͺοΈ Full names and professional licensing status fields
βͺοΈ Personal email and postal address fields
βͺοΈ Firm or company names linked to licensed surveyors
βͺοΈ License numbers and active/inactive status records
βͺοΈ Approved survey assistant records and registration details
βͺοΈ Verification endpoint data containing additional identity and profile-related fields
Potential impact:
The exposed data could be used for impersonation, targeted phishing, licensing fraud, and social engineering against surveyors, assistants, firms, and regulatory contacts.
Status:
Unverified underground forum claim. The actor posted a summary of exposed data and claims additional API and administrative access details were included.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have breached the Land Surveyors Board of Kenya, the official Kenyan government regulatory body responsible for licensing land surveyors across the Republic of Kenya.
ββββββββββββββββββββ
Target: Land Surveyors Board of Kenya
Sector: Government / Professional Licensing / Land Surveying
Incident: Data Breach
Exposure: 175 licensed surveyors and 730 approved survey assistants
Actor: cc5ab
Country: Kenya
Date: 16/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Licensed surveyor records for the 2026 licensing year
βͺοΈ Full names and professional licensing status fields
βͺοΈ Personal email and postal address fields
βͺοΈ Firm or company names linked to licensed surveyors
βͺοΈ License numbers and active/inactive status records
βͺοΈ Approved survey assistant records and registration details
βͺοΈ Verification endpoint data containing additional identity and profile-related fields
Potential impact:
The exposed data could be used for impersonation, targeted phishing, licensing fraud, and social engineering against surveyors, assistants, firms, and regulatory contacts.
Status:
Unverified underground forum claim. The actor posted a summary of exposed data and claims additional API and administrative access details were included.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
πͺ Slice For Life - Part 2 πͺ
I will be adding a "Chatter" category just above where the pagination bar is with the other categories in a couple of hours on the threat feed. Be sure to update your notifications after it starts providing posts if you don't want to see/hear the noise. _β¦
I'm testing this out with Dread. Right now the only issue is loading the CSS properly. Its not a Tor issue. Once it looks solid for 24 hours or so we move on to the next.
This media is not supported in your browser
VIEW IN TELEGRAM
RDP Stealer with Windows Defender Bypass
Video credit: youtube.com/@digitaldefenders76
________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Video credit: youtube.com/@digitaldefenders76
________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
β€2
π¨π―π΅ Okinawa Tourist Service allegedly breached: 600K+ customer records and ID document images advertised for sale
A threat actor claims to be selling customer data tied to Okinawa Tourist Service, a Japan-based travel and transportation company operating rental car and tourism services.
ββββββββββββββββββββ
Target: Okinawa Tourist Service
Sector: Travel / Transportation / Car Rental
Incident: Data Leak / Sale
Exposure: 600K+ customer records and 4,371 ID card image records
Actor: sexybroker
Country: Japan
Date: 17/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Customer records allegedly linked to Okinawa Tourist Service
βͺοΈ Names, kana fields, gender, and birth date data
βͺοΈ Address, ZIP/postal code, telephone, and email fields
βͺοΈ Age and social media-related profile fields
βͺοΈ Driver license numbers and license issue/expiration dates
βͺοΈ Driver license image references and front/back ID card scans
βͺοΈ CSV customer member database and image archive samples
Potential impact:
The exposed data could be used for identity theft, travel fraud, account impersonation, phishing, and targeted scams against rental car and tourism customers.
Status:
Unverified underground forum sale listing. The actor posted sample customer fields, archive counts, and driver license image previews as proof.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling customer data tied to Okinawa Tourist Service, a Japan-based travel and transportation company operating rental car and tourism services.
ββββββββββββββββββββ
Target: Okinawa Tourist Service
Sector: Travel / Transportation / Car Rental
Incident: Data Leak / Sale
Exposure: 600K+ customer records and 4,371 ID card image records
Actor: sexybroker
Country: Japan
Date: 17/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Customer records allegedly linked to Okinawa Tourist Service
βͺοΈ Names, kana fields, gender, and birth date data
βͺοΈ Address, ZIP/postal code, telephone, and email fields
βͺοΈ Age and social media-related profile fields
βͺοΈ Driver license numbers and license issue/expiration dates
βͺοΈ Driver license image references and front/back ID card scans
βͺοΈ CSV customer member database and image archive samples
Potential impact:
The exposed data could be used for identity theft, travel fraud, account impersonation, phishing, and targeted scams against rental car and tourism customers.
Status:
Unverified underground forum sale listing. The actor posted sample customer fields, archive counts, and driver license image previews as proof.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
π¨πΏπ¦ Gauteng Provincial Government allegedly breached: 3.8TB government portal dump advertised for sale
A threat actor claims to be selling a large data dump tied to the Gauteng Provincial Government, the provincial government authority for Gauteng, South Africa.
ββββββββββββββββββββ
Target: Gauteng Provincial Government
Sector: Government / Public Services
Incident: Data Breach / Data Sale
Exposure: 3.8TB across 3,673,556 files
Actor: Kazu
Country: South Africa
Price: $25,000
Date: 16/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Large-scale government portal data allegedly linked to Gauteng Provincial Government systems
βͺοΈ Public service and departmental records
βͺοΈ Government program and administrative files
βͺοΈ Healthcare, education, housing, and economic development-related data
βͺοΈ Multi-terabyte archive containing millions of files
Potential impact:
The exposed data could create privacy, operational, and public-sector security risks for residents, businesses, government departments, and service users across Gauteng.
Status:
Unverified underground forum sale listing. The actor claims the dump totals approximately 3.8TB and is being offered for sale with samples available through external channels.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling a large data dump tied to the Gauteng Provincial Government, the provincial government authority for Gauteng, South Africa.
ββββββββββββββββββββ
Target: Gauteng Provincial Government
Sector: Government / Public Services
Incident: Data Breach / Data Sale
Exposure: 3.8TB across 3,673,556 files
Actor: Kazu
Country: South Africa
Price: $25,000
Date: 16/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Large-scale government portal data allegedly linked to Gauteng Provincial Government systems
βͺοΈ Public service and departmental records
βͺοΈ Government program and administrative files
βͺοΈ Healthcare, education, housing, and economic development-related data
βͺοΈ Multi-terabyte archive containing millions of files
Potential impact:
The exposed data could create privacy, operational, and public-sector security risks for residents, businesses, government departments, and service users across Gauteng.
Status:
Unverified underground forum sale listing. The actor claims the dump totals approximately 3.8TB and is being offered for sale with samples available through external channels.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
π¨πͺπΈ Health Time allegedly breached: 2.25M user records advertised for sale from Spanish medical diagnostics provider
A threat actor claims to be selling a database tied to Health Time / HT MΓ©dica, a Spanish medical imaging and diagnostic services provider operating diagnostic centers across Spain.
ββββββββββββββββββββ
Target: Health Time / HT MΓ©dica
Sector: Healthcare / Medical Diagnostics / Radiology
Incident: Data Breach / Data Sale
Exposure: 2,253,981 user records
Actor: Kazu
Country: Spain
Price: $4,000
Date: 16/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ User records allegedly linked to Health Time / HT MΓ©dica
βͺοΈ Patient or customer profile data
βͺοΈ Healthcare service-related account records
βͺοΈ Diagnostic center and medical service metadata
βͺοΈ Internal platform or portal-related records
βͺοΈ Sample previews allegedly shared through external channels
Potential impact:
The exposed data could create serious privacy, compliance, phishing, impersonation, and healthcare fraud risks for patients, customers, and medical service users.
Status:
Unverified underground forum sale listing. The actor claims the dataset contains 2,253,981 user records and is being offered for $4,000 with samples available through external channels.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling a database tied to Health Time / HT MΓ©dica, a Spanish medical imaging and diagnostic services provider operating diagnostic centers across Spain.
ββββββββββββββββββββ
Target: Health Time / HT MΓ©dica
Sector: Healthcare / Medical Diagnostics / Radiology
Incident: Data Breach / Data Sale
Exposure: 2,253,981 user records
Actor: Kazu
Country: Spain
Price: $4,000
Date: 16/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ User records allegedly linked to Health Time / HT MΓ©dica
βͺοΈ Patient or customer profile data
βͺοΈ Healthcare service-related account records
βͺοΈ Diagnostic center and medical service metadata
βͺοΈ Internal platform or portal-related records
βͺοΈ Sample previews allegedly shared through external channels
Potential impact:
The exposed data could create serious privacy, compliance, phishing, impersonation, and healthcare fraud risks for patients, customers, and medical service users.
Status:
Unverified underground forum sale listing. The actor claims the dataset contains 2,253,981 user records and is being offered for $4,000 with samples available through external channels.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
π¨πͺπΈ Matferline allegedly breached: 703K Spanish driving school student records advertised for sale
A threat actor claims to be selling a database tied to Matferline, a Spanish cloud-based driving school management platform.
ββββββββββββββββββββ
Target: Matferline
Sector: Education / Driving School Software
Incident: Database Leak / Data Sale
Exposure: 703,450 records
Actor: macaroni
Country: Spain
Price: $35,000 full DB exclusive
Date: 17/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Student records allegedly linked to Matferline driving school systems
βͺοΈ DNI identity number fields
βͺοΈ Names and email addresses
βͺοΈ Phone number fields
βͺοΈ Usernames and account status data
βͺοΈ Plaintext password fields referenced by the actor
βͺοΈ Registration dates and profile photo references
βͺοΈ Validated and deduplicated record subsets
Potential impact:
The exposed data could be used for identity theft, phishing, credential stuffing, student impersonation, and targeted scams against Spanish driving school students and operators.
Status:
Unverified underground forum sale listing. The actor claims the dataset was obtained through SQL injection and contains 703,450 total records, including 614,517 clean, deduplicated, and validated entries.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling a database tied to Matferline, a Spanish cloud-based driving school management platform.
ββββββββββββββββββββ
Target: Matferline
Sector: Education / Driving School Software
Incident: Database Leak / Data Sale
Exposure: 703,450 records
Actor: macaroni
Country: Spain
Price: $35,000 full DB exclusive
Date: 17/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Student records allegedly linked to Matferline driving school systems
βͺοΈ DNI identity number fields
βͺοΈ Names and email addresses
βͺοΈ Phone number fields
βͺοΈ Usernames and account status data
βͺοΈ Plaintext password fields referenced by the actor
βͺοΈ Registration dates and profile photo references
βͺοΈ Validated and deduplicated record subsets
Potential impact:
The exposed data could be used for identity theft, phishing, credential stuffing, student impersonation, and targeted scams against Spanish driving school students and operators.
Status:
Unverified underground forum sale listing. The actor claims the dataset was obtained through SQL injection and contains 703,450 total records, including 614,517 clean, deduplicated, and validated entries.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
π¨ PanARCH malware service advertised: Java RAT, exploit builder, payload delivery, and direct link hosting promoted on underground forum
A threat actor is advertising PanARCH, a malware-focused service bundle claiming to provide remote access tooling, payload-building modules, delivery infrastructure, and private file-hosting services.
ββββββββββββββββββββ
Service: PanARCH
Sector: Malware-as-a-Service / Cybercrime Infrastructure
Incident: Malware Service Advertisement
Exposure: Java RAT, exploit builder, delivery engine, and direct link service
Actor: PanARCH
Price: Pricing available via direct message
Date: 17/05/2026
ββββββββββββββββββββ
Whatβs being advertised:
βͺοΈ Java RAT tooling marketed for multiple operating systems
βͺοΈ Surveillance and remote access capabilities
βͺοΈ Credential theft and browser data collection features
βͺοΈ Payload builder modules for multiple delivery formats
βͺοΈ Browser-based payload delivery infrastructure
βͺοΈ Private direct-link file hosting with encrypted storage claims
βͺοΈ Custom licensing and modular access options
Potential impact:
The advertised tooling could support unauthorized access, credential theft, malware delivery, persistence, and broader compromise of personal or enterprise systems.
Status:
Underground forum advertisement. The actor posted a detailed service panel and promotional material describing multiple malware and delivery components.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is advertising PanARCH, a malware-focused service bundle claiming to provide remote access tooling, payload-building modules, delivery infrastructure, and private file-hosting services.
ββββββββββββββββββββ
Service: PanARCH
Sector: Malware-as-a-Service / Cybercrime Infrastructure
Incident: Malware Service Advertisement
Exposure: Java RAT, exploit builder, delivery engine, and direct link service
Actor: PanARCH
Price: Pricing available via direct message
Date: 17/05/2026
ββββββββββββββββββββ
Whatβs being advertised:
βͺοΈ Java RAT tooling marketed for multiple operating systems
βͺοΈ Surveillance and remote access capabilities
βͺοΈ Credential theft and browser data collection features
βͺοΈ Payload builder modules for multiple delivery formats
βͺοΈ Browser-based payload delivery infrastructure
βͺοΈ Private direct-link file hosting with encrypted storage claims
βͺοΈ Custom licensing and modular access options
Potential impact:
The advertised tooling could support unauthorized access, credential theft, malware delivery, persistence, and broader compromise of personal or enterprise systems.
Status:
Underground forum advertisement. The actor posted a detailed service panel and promotional material describing multiple malware and delivery components.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations