๐จ๐ฒ๐ฝ Perfilan allegedly breached: 3.7M Mexican real estate customer records exposed from business service database
A threat actor claims to have leaked part of a customer database tied to Perfilan, a Mexico-based service provider for businesses in the real estate sector.
โโโโโโโโโโโโโโโโโโโโ
Target: Perfilan
Sector: Real Estate / Business Services / CRM Data
Incident: Database Leak
Exposure: 3,711,285 records / 83 CSV files / 924MB
Actor: zSenior
Country: Mexico
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Customer and lead records allegedly linked to Perfilan
โช๏ธ Names, phone numbers, and email address fields
โช๏ธ Real estate project and origin/source fields
โช๏ธ Registration dates and lead status information
โช๏ธ Discard reason and general notes fields
โช๏ธ Call count, last call date, and last note metadata
โช๏ธ CRM-style customer interaction and sales pipeline records
Potential impact:
The exposed data could be used for phishing, real estate scams, customer impersonation, lead fraud, and targeted social engineering against buyers, sellers, and real estate businesses.
Status:
Unverified underground forum claim. The actor posted CSV sample data and claims this is a partial leak containing more than 3.7M records.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked part of a customer database tied to Perfilan, a Mexico-based service provider for businesses in the real estate sector.
โโโโโโโโโโโโโโโโโโโโ
Target: Perfilan
Sector: Real Estate / Business Services / CRM Data
Incident: Database Leak
Exposure: 3,711,285 records / 83 CSV files / 924MB
Actor: zSenior
Country: Mexico
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Customer and lead records allegedly linked to Perfilan
โช๏ธ Names, phone numbers, and email address fields
โช๏ธ Real estate project and origin/source fields
โช๏ธ Registration dates and lead status information
โช๏ธ Discard reason and general notes fields
โช๏ธ Call count, last call date, and last note metadata
โช๏ธ CRM-style customer interaction and sales pipeline records
Potential impact:
The exposed data could be used for phishing, real estate scams, customer impersonation, lead fraud, and targeted social engineering against buyers, sellers, and real estate businesses.
Status:
Unverified underground forum claim. The actor posted CSV sample data and claims this is a partial leak containing more than 3.7M records.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
I am testing backend functionality with screenshots for the next hour... you may see broken screenshots. I will update once maintenance is complete.
๐ช Slice For Life - Part 2 ๐ช
I am testing backend functionality with screenshots for the next hour... you may see broken screenshots. I will update once maintenance is complete.
Maintenance on threat-feed images is complete, and images should no longer appear broken.
The backend has been updated to run a visual safety check on images before they are sent to the feeds.
Screenshots may be automatically suppressed before appearing in the feed if they fail automated visual safety checks, return an uncertain result, or cannot be scanned.
The alert itself will still appear when text-based threat intelligence is available. Suppression only affects the screenshot preview; it does not necessarily mean the alert is invalid or unrelated to cyber threat activity.
There is no evidence that unsafe imagery has passed through to the feed. I'm remaining transparent with any changes done as always. This is a preventative safety measure. If unsafe imagery were ever to bypass the scanner and other filters, I would take appropriate action, including reporting to law enforcement where required.
The backend has been updated to run a visual safety check on images before they are sent to the feeds.
Screenshots may be automatically suppressed before appearing in the feed if they fail automated visual safety checks, return an uncertain result, or cannot be scanned.
The alert itself will still appear when text-based threat intelligence is available. Suppression only affects the screenshot preview; it does not necessarily mean the alert is invalid or unrelated to cyber threat activity.
There is no evidence that unsafe imagery has passed through to the feed. I'm remaining transparent with any changes done as always. This is a preventative safety measure. If unsafe imagery were ever to bypass the scanner and other filters, I would take appropriate action, including reporting to law enforcement where required.
๐จ๐ฉ๐ฟ University of Guelma allegedly breached: seminar management system compromised and user data exposed
A threat actor claims to have compromised the seminar management application hosted by the University of Guelma, an Algerian public university platform used for seminar-related registration and management.
โโโโโโโโโโโโโโโโโโโโ
Target: University of Guelma
Sector: Education / Higher Education
Incident: Data Breach
Exposure: Seminar system database
Actor: govmaroc
Country: Algeria
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Seminar management system database access
โช๏ธ User credential and account-related records
โช๏ธ Personal information tied to seminar users
โช๏ธ Seminar registration and participation details
โช๏ธ Backend database content allegedly accessed through the application
โช๏ธ Administrative system integrity concerns
โช๏ธ University-hosted application data linked to the seminar platform
Potential impact:
The exposed data could be used for phishing, account takeover attempts, impersonation, credential targeting, and further social engineering against students, staff, and seminar participants.
Status:
Unverified underground forum claim.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have compromised the seminar management application hosted by the University of Guelma, an Algerian public university platform used for seminar-related registration and management.
โโโโโโโโโโโโโโโโโโโโ
Target: University of Guelma
Sector: Education / Higher Education
Incident: Data Breach
Exposure: Seminar system database
Actor: govmaroc
Country: Algeria
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Seminar management system database access
โช๏ธ User credential and account-related records
โช๏ธ Personal information tied to seminar users
โช๏ธ Seminar registration and participation details
โช๏ธ Backend database content allegedly accessed through the application
โช๏ธ Administrative system integrity concerns
โช๏ธ University-hosted application data linked to the seminar platform
Potential impact:
The exposed data could be used for phishing, account takeover attempts, impersonation, credential targeting, and further social engineering against students, staff, and seminar participants.
Status:
Unverified underground forum claim.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ๐ฎ๐ฉ Indonesian National Armed Forces allegedly breached: 14K military officer records leaked from TNI database
A threat actor claims to have leaked a database tied to the Indonesian National Armed Forces, also known as Tentara Nasional Indonesia (TNI), allegedly exposing personnel and service-related records for military officers.
โโโโโโโโโโโโโโโโโโโโ
Target: Indonesian National Armed Forces
Sector: Military / Government / Defense
Incident: Database Leak
Exposure: 14K rows
Actor: mosad
Country: Indonesia
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Military officer records allegedly linked to TNI systems
โช๏ธ Full names and military identification number fields
โช๏ธ Rank, corps/branch, unit, and job title information
โช๏ธ Date of birth, age, gender, and religion fields
โช๏ธ Current position assignment and rank promotion dates
โช๏ธ Military education and training classification fields
โช๏ธ Employment status, office address, and home address fields
โช๏ธ Phone number fields tied to personnel records
Potential impact:
The exposed data could create serious operational security, impersonation, phishing, social engineering, and personnel privacy risks for military officers and defense-related institutions.
Status:
Unverified underground forum claim. The actor posted a field breakdown and sample reference, with download links shared through external channels.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database tied to the Indonesian National Armed Forces, also known as Tentara Nasional Indonesia (TNI), allegedly exposing personnel and service-related records for military officers.
โโโโโโโโโโโโโโโโโโโโ
Target: Indonesian National Armed Forces
Sector: Military / Government / Defense
Incident: Database Leak
Exposure: 14K rows
Actor: mosad
Country: Indonesia
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Military officer records allegedly linked to TNI systems
โช๏ธ Full names and military identification number fields
โช๏ธ Rank, corps/branch, unit, and job title information
โช๏ธ Date of birth, age, gender, and religion fields
โช๏ธ Current position assignment and rank promotion dates
โช๏ธ Military education and training classification fields
โช๏ธ Employment status, office address, and home address fields
โช๏ธ Phone number fields tied to personnel records
Potential impact:
The exposed data could create serious operational security, impersonation, phishing, social engineering, and personnel privacy risks for military officers and defense-related institutions.
Status:
Unverified underground forum claim. The actor posted a field breakdown and sample reference, with download links shared through external channels.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
โค1
๐ช Slice For Life - Part 2 ๐ช
๐จ๐ซ๐ท Gรฎtes de France allegedly breached: 389K guest and booking records exposed from French holiday rental database A threat actor claims to have leaked a database tied to Gรฎtes de France, a French holiday rental network specializing in countryside stays,โฆ
Gรฎtes de France has confirmed a security incident.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จX-HAVEN exploit service advertised: silent document payload execution tool promoted on underground forum
A threat actor is advertising X-HAVEN, a malicious exploit service claiming to support silent payload execution through weaponized document formats.
โโโโโโโโโโโโโโโโโโโโ
Service: X-HAVEN
Sector: Malware / Exploit Sales / Cybercrime Infrastructure
Incident: Exploit Service Advertisement
Exposure: DOC, XLS, and PDF payload delivery
Actor: TheStrain
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs being advertised:
โช๏ธ Silent document-based payload execution
โช๏ธ Claimed Microsoft Office compatibility across multiple versions
โช๏ธ Antivirus and Windows Defender bypass claims
โช๏ธ Direct attachment delivery for email-based campaigns
โช๏ธ Payload support for multiple executable and script formats
Potential impact:
The advertised service could enable malware delivery, phishing campaigns, credential theft, unauthorized access, and compromise of personal or enterprise systems.
Status:
Underground forum advertisement. The seller posted promotional material describing exploit capabilities, payment terms, and support channels.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is advertising X-HAVEN, a malicious exploit service claiming to support silent payload execution through weaponized document formats.
โโโโโโโโโโโโโโโโโโโโ
Service: X-HAVEN
Sector: Malware / Exploit Sales / Cybercrime Infrastructure
Incident: Exploit Service Advertisement
Exposure: DOC, XLS, and PDF payload delivery
Actor: TheStrain
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs being advertised:
โช๏ธ Silent document-based payload execution
โช๏ธ Claimed Microsoft Office compatibility across multiple versions
โช๏ธ Antivirus and Windows Defender bypass claims
โช๏ธ Direct attachment delivery for email-based campaigns
โช๏ธ Payload support for multiple executable and script formats
Potential impact:
The advertised service could enable malware delivery, phishing campaigns, credential theft, unauthorized access, and compromise of personal or enterprise systems.
Status:
Underground forum advertisement. The seller posted promotional material describing exploit capabilities, payment terms, and support channels.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐1
๐จ Domain and Telegram takedown service offered against fraudulent and illegal resources
๐ญ3
๐ช Slice For Life - Part 2 ๐ช
๐จ Domain and Telegram takedown service offered against fraudulent and illegal resources
Chat we are actually safe for once, allegedly.
๐2
๐จ๐ฐ๐ผ Kuwait Ministry of Electricity allegedly breached: employee database leaked from government ministry records
A threat actor claims to have leaked employee data tied to Kuwaitโs Ministry of Electricity, the government ministry responsible for electricity-related public services and infrastructure.
โโโโโโโโโโโโโโโโโโโโ
Target: Kuwait Ministry of Electricity
Sector: Government / Energy / Public Utilities
Incident: Database Leak
Exposure: Ministry employee records
Actor: Revesky
Country: Kuwait
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Employee records allegedly linked to Kuwaitโs Ministry of Electricity
โช๏ธ Full name fields
โช๏ธ Job status information
โช๏ธ Phone number fields
โช๏ธ Phone-related metadata
โช๏ธ Job location data
โช๏ธ Full dataset allegedly hidden behind forum access
Potential impact:
The exposed data could be used for phishing, impersonation, targeted social engineering, and fraud attempts against ministry employees and public-sector contacts.
Status:
Unverified underground forum claim.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked employee data tied to Kuwaitโs Ministry of Electricity, the government ministry responsible for electricity-related public services and infrastructure.
โโโโโโโโโโโโโโโโโโโโ
Target: Kuwait Ministry of Electricity
Sector: Government / Energy / Public Utilities
Incident: Database Leak
Exposure: Ministry employee records
Actor: Revesky
Country: Kuwait
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Employee records allegedly linked to Kuwaitโs Ministry of Electricity
โช๏ธ Full name fields
โช๏ธ Job status information
โช๏ธ Phone number fields
โช๏ธ Phone-related metadata
โช๏ธ Job location data
โช๏ธ Full dataset allegedly hidden behind forum access
Potential impact:
The exposed data could be used for phishing, impersonation, targeted social engineering, and fraud attempts against ministry employees and public-sector contacts.
Status:
Unverified underground forum claim.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ๐ซ๐ท ARGUS Lookup allegedly advertised: French dataleak lookup, geolocation, and spyware-style intelligence platform promoted on underground forum
A threat actor is advertising ARGUS Lookup, a French-focused doxxing and spyware-style intelligence platform claiming to combine leaked databases, identity lookup, geolocation, facial recognition, and account correlation features.
โโโโโโโโโโโโโโโโโโโโ
Service: ARGUS Lookup
Sector: Doxxing Tools / Spyware / Cybercrime Intelligence
Incident: Spyware & Dataleak Service Advertisement
Exposure: French dataleak lookup and real-time geolocation tools
Actor: near2tlg
Country: France
Price: $400 for 7 days / $1,300 for 30 days / $3,500 lifetime
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs being advertised:
โช๏ธ French dataleak lookup covering records from 2010โ2026
โช๏ธ Identity, contact, address, and account correlation features
โช๏ธ SS7 and HLR/VLR-style geolocation lookup claims
โช๏ธ Facial recognition and profile-matching capabilities
โช๏ธ Database access tied to financial, government, insurance, and telecom-style sources
โช๏ธ Stealer, URL password, and combo lookup/checking functionality
โช๏ธ Premium subscription tiers with cryptocurrency payment options
Potential impact:
The advertised service could enable doxxing, stalking, identity theft, SIM-swap targeting, phishing, financial fraud, and targeted surveillance against French individuals.
Status:
Underground forum advertisement. The actor posted a dashboard preview, listed claimed lookup capabilities, and included premium pricing tiers for access.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is advertising ARGUS Lookup, a French-focused doxxing and spyware-style intelligence platform claiming to combine leaked databases, identity lookup, geolocation, facial recognition, and account correlation features.
โโโโโโโโโโโโโโโโโโโโ
Service: ARGUS Lookup
Sector: Doxxing Tools / Spyware / Cybercrime Intelligence
Incident: Spyware & Dataleak Service Advertisement
Exposure: French dataleak lookup and real-time geolocation tools
Actor: near2tlg
Country: France
Price: $400 for 7 days / $1,300 for 30 days / $3,500 lifetime
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs being advertised:
โช๏ธ French dataleak lookup covering records from 2010โ2026
โช๏ธ Identity, contact, address, and account correlation features
โช๏ธ SS7 and HLR/VLR-style geolocation lookup claims
โช๏ธ Facial recognition and profile-matching capabilities
โช๏ธ Database access tied to financial, government, insurance, and telecom-style sources
โช๏ธ Stealer, URL password, and combo lookup/checking functionality
โช๏ธ Premium subscription tiers with cryptocurrency payment options
Potential impact:
The advertised service could enable doxxing, stalking, identity theft, SIM-swap targeting, phishing, financial fraud, and targeted surveillance against French individuals.
Status:
Underground forum advertisement. The actor posted a dashboard preview, listed claimed lookup capabilities, and included premium pricing tiers for access.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐ช๐บ Europol Press Release
โโโโโโโโโโโโโโโโโโโโโ
EU targets Iranโs Revolutionary Guard propaganda ecosystem in an online crackdown
Full Press Release โ europol.europa.eu
โโโโโโโโโโโโโโโโโโโโโ
๐ต๏ธ Dark Web Informer โข Europol Monitor
Note: Europol articles that are not Cyber related will be removed manually.
โโโโโโโโโโโโโโโโโโโโโ
EU targets Iranโs Revolutionary Guard propaganda ecosystem in an online crackdown
Full Press Release โ europol.europa.eu
โโโโโโโโโโโโโโโโโโโโโ
๐ต๏ธ Dark Web Informer โข Europol Monitor
Note: Europol articles that are not Cyber related will be removed manually.
Europol
EU targets Iranโs Revolutionary Guard propaganda ecosystem in an online crackdown โ Investigators identified 14 200 links tiedโฆ
A total of 14 200 posts linked to Iranโs Islamic Revolutionary Guard Corps (IRGC), now designated as a terrorist organisation by the European Union (EU), have been targeted in a coordinated action against terrorist content online.
Cyberattack News Alert
โโโโโโโโโโโโโโโโโโโโโโโโโ
Victim: Chanhassen Dinner Theatres
Domain:
Country: ๐บ๐ธ US
Date: May 16th, 2026
Summary:
Chanhassen Dinner Theatres was forced to temporarily suspend certain performances due to a cyberattack detected on its computer network, which prompted the theater to take its systems offline as a precautionary measure. The organization is working diligently with external experts to restore services and reschedule the affected performances. Ticketholders for the affected shows will be contacted directly by phone or email for further details.
Source: https://bringmethenews.com/minnesota-lifestyle/chanhassen-dinner-theatres-says-cyber-attack-may-affect-upcoming-performances
โโโโโโโโโโโโโโโโโโโโโโโโโ
Victim: Chanhassen Dinner Theatres
Domain:
chanhassendt.comCountry: ๐บ๐ธ US
Date: May 16th, 2026
Summary:
Chanhassen Dinner Theatres was forced to temporarily suspend certain performances due to a cyberattack detected on its computer network, which prompted the theater to take its systems offline as a precautionary measure. The organization is working diligently with external experts to restore services and reschedule the affected performances. Ticketholders for the affected shows will be contacted directly by phone or email for further details.
Source: https://bringmethenews.com/minnesota-lifestyle/chanhassen-dinner-theatres-says-cyber-attack-may-affect-upcoming-performances
Bring Me The News
Chanhassen Dinner Theatres says cyber attack may affect upcoming performances
An attack on its computer network will result in some rescheduled shows, though details are still being worked out.
๐จGoogle-signed SMTP mailer allegedly advertised: Gmail relay-based mailer service promoted on underground forum
A threat actor is advertising a โGmail Mailerโ service, claiming it can send emails through a Google.com-signed SMTP relay with high inbox placement and customizable templates.
โโโโโโโโโโโโโโโโโโโโ
Service: Gmail Mailer
Sector: Phishing Infrastructure / Spam Services / Cybercrime Tools
Incident: Mailer Service Advertisement
Exposure: Google.com-signed SMTP relay claims
Actor: Anon
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs being advertised:
โช๏ธ Google.com-signed SMTP mailer service
โช๏ธ Claims of direct Google relay delivery
โช๏ธ High inbox placement claims
โช๏ธ Multiple templates and custom input options
โช๏ธ Test access offered by the seller
Potential impact:
The advertised service could be used for phishing, spam campaigns, credential theft, business email compromise attempts, and impersonation of trusted email infrastructure.
Status:
Underground forum sale listing. The actor claims they are not selling the source code and are offering limited access to the mailer service.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is advertising a โGmail Mailerโ service, claiming it can send emails through a Google.com-signed SMTP relay with high inbox placement and customizable templates.
โโโโโโโโโโโโโโโโโโโโ
Service: Gmail Mailer
Sector: Phishing Infrastructure / Spam Services / Cybercrime Tools
Incident: Mailer Service Advertisement
Exposure: Google.com-signed SMTP relay claims
Actor: Anon
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs being advertised:
โช๏ธ Google.com-signed SMTP mailer service
โช๏ธ Claims of direct Google relay delivery
โช๏ธ High inbox placement claims
โช๏ธ Multiple templates and custom input options
โช๏ธ Test access offered by the seller
Potential impact:
The advertised service could be used for phishing, spam campaigns, credential theft, business email compromise attempts, and impersonation of trusted email infrastructure.
Status:
Underground forum sale listing. The actor claims they are not selling the source code and are offering limited access to the mailer service.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations