π¨π«π· MediaVacances allegedly breached: 256K invoice and holiday rental records exposed from French vacation booking platform
A threat actor claims to have leaked a database tied to MediaVacances, a French holiday rental platform offering apartments, houses, cottages, and short-stay accommodations.
ββββββββββββββββββββ
Target: MediaVacances
Sector: Hospitality / Travel / Holiday Rentals
Incident: Database Leak
Exposure: 256K records / 188MB
Actor: ChimeraZ
Country: France
Date: 18/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Invoice records allegedly linked to MediaVacances
βͺοΈ Booking and rental listing-related records
βͺοΈ Customer billing and payment reference fields
βͺοΈ Invoice dates, invoice numbers, and transaction text fields
βͺοΈ Accommodation advertising and subscription-related details
βͺοΈ Company registration, VAT, and business identifier references
βͺοΈ Structured JSON records shared as proof of access
Potential impact:
The exposed data could be used for phishing, invoice fraud, booking impersonation, rental scams, and targeted social engineering against customers, hosts, and platform users.
Status:
Unverified underground forum claim. The actor posted JSON invoice samples and claims.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database tied to MediaVacances, a French holiday rental platform offering apartments, houses, cottages, and short-stay accommodations.
ββββββββββββββββββββ
Target: MediaVacances
Sector: Hospitality / Travel / Holiday Rentals
Incident: Database Leak
Exposure: 256K records / 188MB
Actor: ChimeraZ
Country: France
Date: 18/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Invoice records allegedly linked to MediaVacances
βͺοΈ Booking and rental listing-related records
βͺοΈ Customer billing and payment reference fields
βͺοΈ Invoice dates, invoice numbers, and transaction text fields
βͺοΈ Accommodation advertising and subscription-related details
βͺοΈ Company registration, VAT, and business identifier references
βͺοΈ Structured JSON records shared as proof of access
Potential impact:
The exposed data could be used for phishing, invoice fraud, booking impersonation, rental scams, and targeted social engineering against customers, hosts, and platform users.
Status:
Unverified underground forum claim. The actor posted JSON invoice samples and claims.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
GitHub Advisories feed was updated with the following and is currently for Elite subscribers only:
βͺοΈRemoved the Unreviewed feed toggle and related JS logic. I didn't find it useful. When the CVE feed is available it will have everything.
βͺοΈAdded Priority / Newest sort, with Newestt as the default.
βͺοΈCollapsed CVSS/CWE/Ecosystem into Advanced filters by default.
βͺοΈImproved advisory cards with package/ecosystem/affected/fixed-version display.
βͺοΈAdded priority badges: Priority, Watch, Routine.
βͺοΈAdded a better error state with a Retry button.
βͺοΈPerformance improvements
βͺοΈBug fixes.
https://darkwebinformer.com/github-advisories-feed/
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
βͺοΈRemoved the Unreviewed feed toggle and related JS logic. I didn't find it useful. When the CVE feed is available it will have everything.
βͺοΈAdded Priority / Newest sort, with Newestt as the default.
βͺοΈCollapsed CVSS/CWE/Ecosystem into Advanced filters by default.
βͺοΈImproved advisory cards with package/ecosystem/affected/fixed-version display.
βͺοΈAdded priority badges: Priority, Watch, Routine.
βͺοΈAdded a better error state with a Retry button.
βͺοΈPerformance improvements
βͺοΈBug fixes.
https://darkwebinformer.com/github-advisories-feed/
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Dark Web Informer
GitHub Advisories Feed
β€1
Is there any interest in a phishing/scam intelligence feed?
Anonymous Poll
73%
Yes
15%
No
12%
Show Results
Pentest Agent Suite for Claude Code: Autonomous bug-bounty framework for Claude Code and 6 other AI coding tools - 50 agents, 26 commands, 19 CLI tools, 11 skills, 2 MCP servers.
GitHub: https://github.com/H-mmer/pentest-agents
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
GitHub: https://github.com/H-mmer/pentest-agents
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
PF onion is having some issues right now.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
π1
Lul...
CISA Admin Leaked AWS GovCloud Keys on GitHub
https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
CISA Admin Leaked AWS GovCloud Keys on GitHub
https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
Krebs on Security
CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems.β¦
π2
Media is too big
VIEW IN TELEGRAM
YellowKey PoC Demo to Bypass Bitlocker
GitHub: https://github.com/Nightmare-Eclipse/YellowKey
Video Credit: youtube.com/@encrypt0r
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
GitHub: https://github.com/Nightmare-Eclipse/YellowKey
Video Credit: youtube.com/@encrypt0r
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
βΌοΈ New Dark Web Informer Blog Post!
Title: Daily Dose of Dark Web Informer - May 18th, 2026
Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-18th-2026/
Title: Daily Dose of Dark Web Informer - May 18th, 2026
Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-18th-2026/
Dark Web Informer
Daily Dose of Dark Web Informer - May 18th, 2026
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
π¨π³π¬ General Directorate of Public Accounting and Treasury of Nigeria allegedly breached: 70GB of government financial and employee data leaked
A threat actor claims to have leaked data tied to the General Directorate of Public Accounting and Treasury of Nigeria (DGCPT) following an alleged ransomware-related cyberattack.
ββββββββββββββββββββ
Target: General Directorate of Public Accounting and Treasury of Nigeria
Sector: Government / Public Finance / Treasury
Incident: Data Breach / Ransomware Leak
Exposure: 70GB+
Actor: 0xSec
Country: Nigeria
Date: 18/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Government employee records allegedly linked to DGCPT systems
βͺοΈ Employee ID, first name, and last name fields
βͺοΈ Phone number and contact-related data
βͺοΈ Bank, branch, and account-related fields
βͺοΈ Additional financial identifiers referenced in SQL files
βͺοΈ Multiple SQL database files containing employee and treasury-related records
Potential impact:
The exposed data could be used for identity theft, payroll fraud, banking fraud, phishing, impersonation, and targeted social engineering against government employees and financial administration contacts.
Status:
Unverified underground forum claim. The actor states the archive contains more than 70GB of exfiltrated data and references multiple SQL files.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked data tied to the General Directorate of Public Accounting and Treasury of Nigeria (DGCPT) following an alleged ransomware-related cyberattack.
ββββββββββββββββββββ
Target: General Directorate of Public Accounting and Treasury of Nigeria
Sector: Government / Public Finance / Treasury
Incident: Data Breach / Ransomware Leak
Exposure: 70GB+
Actor: 0xSec
Country: Nigeria
Date: 18/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Government employee records allegedly linked to DGCPT systems
βͺοΈ Employee ID, first name, and last name fields
βͺοΈ Phone number and contact-related data
βͺοΈ Bank, branch, and account-related fields
βͺοΈ Additional financial identifiers referenced in SQL files
βͺοΈ Multiple SQL database files containing employee and treasury-related records
Potential impact:
The exposed data could be used for identity theft, payroll fraud, banking fraud, phishing, impersonation, and targeted social engineering against government employees and financial administration contacts.
Status:
Unverified underground forum claim. The actor states the archive contains more than 70GB of exfiltrated data and references multiple SQL files.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
π¨π§π· Econet Editora allegedly breached: 163GB full database advertised for sale from Brazilian education publishing platform
A threat actor claims to be selling a full database tied to Econet Editora, a Brazilian publishing platform focused on educational content, books, digital resources, and learning materials for students and educators.
ββββββββββββββββββββ
Target: Econet Editora
Sector: Education / Publishing / Digital Learning
Incident: Database Leak / Data Sale
Exposure: 163GB
Actor: [Citizen] joaoestrella
Country: Brazil
Date: 18/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Full database allegedly linked to Econet Editora
βͺοΈ Email address fields
βͺοΈ Plaintext password claims
βͺοΈ User/account-related database records
βͺοΈ Platform and publishing service data
βͺοΈ Database and table listings shared as proof
βͺοΈ Additional unspecified internal records referenced by the actor
Potential impact:
The exposed data could be used for credential stuffing, account takeover, phishing, identity theft, and targeted scams against students, educators, and platform users.
Status:
Unverified underground forum sale listing. The actor claims the database totals 163GB and includes emails, plaintext passwords, and additional database content.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling a full database tied to Econet Editora, a Brazilian publishing platform focused on educational content, books, digital resources, and learning materials for students and educators.
ββββββββββββββββββββ
Target: Econet Editora
Sector: Education / Publishing / Digital Learning
Incident: Database Leak / Data Sale
Exposure: 163GB
Actor: [Citizen] joaoestrella
Country: Brazil
Date: 18/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Full database allegedly linked to Econet Editora
βͺοΈ Email address fields
βͺοΈ Plaintext password claims
βͺοΈ User/account-related database records
βͺοΈ Platform and publishing service data
βͺοΈ Database and table listings shared as proof
βͺοΈ Additional unspecified internal records referenced by the actor
Potential impact:
The exposed data could be used for credential stuffing, account takeover, phishing, identity theft, and targeted scams against students, educators, and platform users.
Status:
Unverified underground forum sale listing. The actor claims the database totals 163GB and includes emails, plaintext passwords, and additional database content.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Forwarded from FBI Watchdog Alerts by Dark Web Informer
β οΈ FBI Watchdog - WHOIS Change β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breached.st
Record Type: WHOIS Change
Time Detected: 2026-05-19 01:23:42 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: breached.st
Record Type: WHOIS Change
Time Detected: 2026-05-19 01:23:42 UTC
Previous Records:
status: ['ok']
New Records:
status: ['ok'] β ['clienttransferprohibited']
π2
Hackers laying it on thick...
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
π¨πΊπΈ Peetβs Coffee allegedly breached: 115K customer records exposed from U.S. coffee retail database
A threat actor claims to have leaked part of a customer database tied to Peetβs Coffee, a U.S. coffee retailer and cafΓ© chain known for its specialty coffee products and retail locations.
ββββββββββββββββββββ
Target: Peetβs Coffee
Sector: Retail / Food & Beverage / Customer Data
Incident: Database Leak
Exposure: 115,000 records / 120MB
Actor: zSenior
Country: United States
Date: 18/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Customer records allegedly linked to Peetβs Coffee
βͺοΈ First name and last name fields
βͺοΈ Primary email address fields
βͺοΈ Primary phone number fields
βͺοΈ Full address and street address fields
βͺοΈ City, state, and ZIP code records
βͺοΈ Customer profile and contact metadata
βͺοΈ Partial sample data shared through the forum thread
Potential impact:
The exposed data could be used for phishing, customer impersonation, loyalty fraud, account targeting, and retail scam campaigns against Peetβs Coffee customers.
Status:
Unverified underground forum claim. The actor posted sample customer records and claims a 5K-record partial leak is available through hidden forum content.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked part of a customer database tied to Peetβs Coffee, a U.S. coffee retailer and cafΓ© chain known for its specialty coffee products and retail locations.
ββββββββββββββββββββ
Target: Peetβs Coffee
Sector: Retail / Food & Beverage / Customer Data
Incident: Database Leak
Exposure: 115,000 records / 120MB
Actor: zSenior
Country: United States
Date: 18/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Customer records allegedly linked to Peetβs Coffee
βͺοΈ First name and last name fields
βͺοΈ Primary email address fields
βͺοΈ Primary phone number fields
βͺοΈ Full address and street address fields
βͺοΈ City, state, and ZIP code records
βͺοΈ Customer profile and contact metadata
βͺοΈ Partial sample data shared through the forum thread
Potential impact:
The exposed data could be used for phishing, customer impersonation, loyalty fraud, account targeting, and retail scam campaigns against Peetβs Coffee customers.
Status:
Unverified underground forum claim. The actor posted sample customer records and claims a 5K-record partial leak is available through hidden forum content.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
π¨π²π½ Escuela Normal Experimental allegedly breached: 3,414 student/application records exposed from Mexican school database
A threat actor claims to have leaked a database tied to Escuela Normal Experimental in Mexico, allegedly exposing student and application-related records from an education system.
ββββββββββββββββββββ
Target: Escuela Normal Experimental
Sector: Education / School Administration
Incident: Database Leak
Exposure: 3,414 records
Actor: Z3r00 and MagoSpeak
Country: Mexico
Date: 19/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Student and application records allegedly linked to the school
βͺοΈ Application folio and request status fields
βͺοΈ CURP identity-related fields
βͺοΈ Names, paternal surnames, and maternal surnames
βͺοΈ Age, birth date, gender, nationality, and birth entity fields
βͺοΈ Email, fixed phone, and mobile phone fields
βͺοΈ Address and municipality-related records
βͺοΈ School file and subsystem-related administrative fields
Potential impact:
The exposed data could be used for identity theft, phishing, student impersonation, education fraud, and targeted social engineering against applicants, students, and school staff.
Status:
Unverified underground forum claim. The actor posted a field list and claims the database is available through an external file-hosting link.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database tied to Escuela Normal Experimental in Mexico, allegedly exposing student and application-related records from an education system.
ββββββββββββββββββββ
Target: Escuela Normal Experimental
Sector: Education / School Administration
Incident: Database Leak
Exposure: 3,414 records
Actor: Z3r00 and MagoSpeak
Country: Mexico
Date: 19/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Student and application records allegedly linked to the school
βͺοΈ Application folio and request status fields
βͺοΈ CURP identity-related fields
βͺοΈ Names, paternal surnames, and maternal surnames
βͺοΈ Age, birth date, gender, nationality, and birth entity fields
βͺοΈ Email, fixed phone, and mobile phone fields
βͺοΈ Address and municipality-related records
βͺοΈ School file and subsystem-related administrative fields
Potential impact:
The exposed data could be used for identity theft, phishing, student impersonation, education fraud, and targeted social engineering against applicants, students, and school staff.
Status:
Unverified underground forum claim. The actor posted a field list and claims the database is available through an external file-hosting link.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
π¨π²π½ Instituto TecnolΓ³gico del Istmo allegedly breached: 3,640 student/application records exposed from Oaxaca education database
A threat actor claims to have leaked a database tied to Instituto TecnolΓ³gico del Istmo in Oaxaca, Mexico, allegedly exposing student and application-related records from an education system.
ββββββββββββββββββββ
Target: Instituto TecnolΓ³gico del Istmo
Sector: Education / Higher Education / School Administration
Incident: Database Leak
Exposure: 3,640 records
Actor: Z3r00 and MagoSpeak
Country: Mexico
Date: 19/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Student and application records allegedly linked to the institute
βͺοΈ Application folio and request status fields
βͺοΈ CURP identity-related fields
βͺοΈ Names, paternal surnames, and maternal surnames
βͺοΈ Age, birth date, gender, nationality, and birth entity fields
βͺοΈ Email, fixed phone, and mobile phone fields
βͺοΈ Address, state, and municipality-related records
βͺοΈ Administrative school system fields tied to application workflows
Potential impact:
The exposed data could be used for identity theft, phishing, student impersonation, education fraud, and targeted social engineering against applicants, students, and school staff.
Status:
Unverified underground forum claim. The actor posted a field list and claims the database is available through an external file-hosting link.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database tied to Instituto TecnolΓ³gico del Istmo in Oaxaca, Mexico, allegedly exposing student and application-related records from an education system.
ββββββββββββββββββββ
Target: Instituto TecnolΓ³gico del Istmo
Sector: Education / Higher Education / School Administration
Incident: Database Leak
Exposure: 3,640 records
Actor: Z3r00 and MagoSpeak
Country: Mexico
Date: 19/05/2026
ββββββββββββββββββββ
Whatβs allegedly included:
βͺοΈ Student and application records allegedly linked to the institute
βͺοΈ Application folio and request status fields
βͺοΈ CURP identity-related fields
βͺοΈ Names, paternal surnames, and maternal surnames
βͺοΈ Age, birth date, gender, nationality, and birth entity fields
βͺοΈ Email, fixed phone, and mobile phone fields
βͺοΈ Address, state, and municipality-related records
βͺοΈ Administrative school system fields tied to application workflows
Potential impact:
The exposed data could be used for identity theft, phishing, student impersonation, education fraud, and targeted social engineering against applicants, students, and school staff.
Status:
Unverified underground forum claim. The actor posted a field list and claims the database is available through an external file-hosting link.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
π¨Death Stealer 2026 advertised: information-stealing malware post shared on underground forum
A forum user is advertising βDeath Stealer 2026,β described as an information-stealing malware concept associated with credential theft, browser data collection, and unauthorized extraction of sensitive user data.
ββββββββββββββββββββ
Service: Death Stealer 2026
Sector: Malware / Info-Stealer / Cybercrime Tools
Incident: Malware Advertisement
Exposure: Credential theft and browser data collection tool
Actor: Jake Elliott
Country: Unknown / Global
Date: 19/05/2026
ββββββββββββββββββββ
Whatβs being advertised:
βͺοΈ Information-stealing malware branded as βDeath Stealer 2026β
βͺοΈ Credential and browser data targeting claims
βͺοΈ Sensitive application and system data collection references
βͺοΈ External server communication for stolen data transfer
βͺοΈ Malware behavior framed around stealth and detection avoidance
βͺοΈ VirusTotal scan result section referenced in the post
βͺοΈ Download link section included by the actor
Potential impact:
The advertised tool could be used for credential theft, account takeover, financial fraud, identity theft, and broader compromise of personal or enterprise systems.
Status:
Underground forum advertisement. The post presents a short malware summary, key capabilities, scan-result references, and a download section.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A forum user is advertising βDeath Stealer 2026,β described as an information-stealing malware concept associated with credential theft, browser data collection, and unauthorized extraction of sensitive user data.
ββββββββββββββββββββ
Service: Death Stealer 2026
Sector: Malware / Info-Stealer / Cybercrime Tools
Incident: Malware Advertisement
Exposure: Credential theft and browser data collection tool
Actor: Jake Elliott
Country: Unknown / Global
Date: 19/05/2026
ββββββββββββββββββββ
Whatβs being advertised:
βͺοΈ Information-stealing malware branded as βDeath Stealer 2026β
βͺοΈ Credential and browser data targeting claims
βͺοΈ Sensitive application and system data collection references
βͺοΈ External server communication for stolen data transfer
βͺοΈ Malware behavior framed around stealth and detection avoidance
βͺοΈ VirusTotal scan result section referenced in the post
βͺοΈ Download link section included by the actor
Potential impact:
The advertised tool could be used for credential theft, account takeover, financial fraud, identity theft, and broader compromise of personal or enterprise systems.
Status:
Underground forum advertisement. The post presents a short malware summary, key capabilities, scan-result references, and a download section.
Stop guessing what's redacted. Subscribers see everything β darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations