1/2๐จ DragonForce Ransomware Claims 22 Victims
๐จ๐ฆ K Smart Associates - Canadian civil engineering and land-use planning consulting firm - 284.28 GB allegedly stolen
๐ฌ๐ง WSM - UK tax advisory and professional services firm - 119.23 GB allegedly stolen
๐บ๐ธ Northbridge - US venture capital firm focused on technology and innovation investments - 22.09 GB allegedly stolen
๐ณ๐ฑ Dunas Groen - Netherlands-based landscape design and garden supplies company - 21.9 GB allegedly stolen
๐ฌ๐ง Refreshment Systems - UK vending machine and refreshment services company - 178.24 GB allegedly stolen
๐ฌ๐ง Practicus - UK consulting firm specializing in interim management, executive search, and project management - 576.62 GB allegedly stolen
๐บ๐ธ NEMD Architects - US architecture firm providing functional and sustainable design services - 397.44 GB allegedly stolen
๐ฎ๐น Pieralisi - Italian industrial equipment manufacturer specializing in centrifugal separation systems - 1.31 TB allegedly stolen
๐บ๐ธ J.C. Ripberger Construction - US general contractor specializing in structural concrete, carpentry, and construction services - 44.07 GB allegedly stolen
๐ณ๐ฑ Profundo - Netherlands-based research organization focused on sustainability and social justice - 149.31 GB allegedly stolen
๐บ๐ธ Waypoint Business Solutions - US IT solutions provider offering hardware, software, and professional services - 9.68 GB allegedly stolen
๐ฌ๐ง ERH - UK traffic management solutions provider offering installation, maintenance, and commissioning services - 145.31 GB allegedly stolen
๐บ๐ธ Fabbrica - US design, development, and manufacturing company focused on high-quality fabrication work - 235.6 GB allegedly stolen
๐บ๐ธ Ramos Rheumatology - US rheumatology care center specializing in autoimmune disease treatment - 51.87 GB allegedly stolen
๐ฎ๐ฑ FWMK Law Offices - Israeli full-service law firm with expertise in high tech, mergers, acquisitions, and real estate - 585.52 GB allegedly stolen
๐บ๐ธ Henry Broch Foods - US food ingredient manufacturer and processor founded in 1941 - 77.21 GB allegedly stolen
๐บ๐ธ Denton Law Firm - US law firm focused on rapid response and legal solutions - 27.1 GB allegedly stolen
๐ฆ๐บ QLS Logistics - Australian e-waste and polystyrene recycling company serving retail and consumer markets - 554.65 GB allegedly stolen
๐จ๐ฆ Dubois Agrinovation - Canadian agricultural equipment and solutions company - 445.17 GB allegedly stolen
๐ฉ๐ช WG Neukรถlln - German housing cooperative offering apartments and residential services in Berlin - 33.64 GB allegedly stolen
๐จ๐ฆ Delbrook Capital Advisors - Canadian investment manager focused on the global materials sector - 252.45 GB allegedly stolen
๐บ๐ธ Greenway Technologies - US fire protection company based in Phoenix, Arizona - 23.5 GB allegedly stolen
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ๐ฆ K Smart Associates - Canadian civil engineering and land-use planning consulting firm - 284.28 GB allegedly stolen
๐ฌ๐ง WSM - UK tax advisory and professional services firm - 119.23 GB allegedly stolen
๐บ๐ธ Northbridge - US venture capital firm focused on technology and innovation investments - 22.09 GB allegedly stolen
๐ณ๐ฑ Dunas Groen - Netherlands-based landscape design and garden supplies company - 21.9 GB allegedly stolen
๐ฌ๐ง Refreshment Systems - UK vending machine and refreshment services company - 178.24 GB allegedly stolen
๐ฌ๐ง Practicus - UK consulting firm specializing in interim management, executive search, and project management - 576.62 GB allegedly stolen
๐บ๐ธ NEMD Architects - US architecture firm providing functional and sustainable design services - 397.44 GB allegedly stolen
๐ฎ๐น Pieralisi - Italian industrial equipment manufacturer specializing in centrifugal separation systems - 1.31 TB allegedly stolen
๐บ๐ธ J.C. Ripberger Construction - US general contractor specializing in structural concrete, carpentry, and construction services - 44.07 GB allegedly stolen
๐ณ๐ฑ Profundo - Netherlands-based research organization focused on sustainability and social justice - 149.31 GB allegedly stolen
๐บ๐ธ Waypoint Business Solutions - US IT solutions provider offering hardware, software, and professional services - 9.68 GB allegedly stolen
๐ฌ๐ง ERH - UK traffic management solutions provider offering installation, maintenance, and commissioning services - 145.31 GB allegedly stolen
๐บ๐ธ Fabbrica - US design, development, and manufacturing company focused on high-quality fabrication work - 235.6 GB allegedly stolen
๐บ๐ธ Ramos Rheumatology - US rheumatology care center specializing in autoimmune disease treatment - 51.87 GB allegedly stolen
๐ฎ๐ฑ FWMK Law Offices - Israeli full-service law firm with expertise in high tech, mergers, acquisitions, and real estate - 585.52 GB allegedly stolen
๐บ๐ธ Henry Broch Foods - US food ingredient manufacturer and processor founded in 1941 - 77.21 GB allegedly stolen
๐บ๐ธ Denton Law Firm - US law firm focused on rapid response and legal solutions - 27.1 GB allegedly stolen
๐ฆ๐บ QLS Logistics - Australian e-waste and polystyrene recycling company serving retail and consumer markets - 554.65 GB allegedly stolen
๐จ๐ฆ Dubois Agrinovation - Canadian agricultural equipment and solutions company - 445.17 GB allegedly stolen
๐ฉ๐ช WG Neukรถlln - German housing cooperative offering apartments and residential services in Berlin - 33.64 GB allegedly stolen
๐จ๐ฆ Delbrook Capital Advisors - Canadian investment manager focused on the global materials sector - 252.45 GB allegedly stolen
๐บ๐ธ Greenway Technologies - US fire protection company based in Phoenix, Arizona - 23.5 GB allegedly stolen
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ The FBI has released a new FLASH Warning on Silent Ransome Group
The Silent Ransom Group (SRG), also tracked as Luna Moth, Chatty Spider, and UNC3753, is targeting law firms through social engineering campaigns.
SRG actors commonly impersonate IT support through phone calls and phishing emails to gain access to victim systems. Once access is established, they exfiltrate data using legitimate remote access tools or, in some cases, by sending someone to the victim organizationโs physical location to access computers directly.
Although SRG has impacted organizations across sectors such as insurance, finance, and healthcare, the group has maintained a consistent focus on U.S.-based law firms since spring 2023.
PDF: https://www.ic3.gov/CSA/2026/260526.pdf
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The Silent Ransom Group (SRG), also tracked as Luna Moth, Chatty Spider, and UNC3753, is targeting law firms through social engineering campaigns.
SRG actors commonly impersonate IT support through phone calls and phishing emails to gain access to victim systems. Once access is established, they exfiltrate data using legitimate remote access tools or, in some cases, by sending someone to the victim organizationโs physical location to access computers directly.
Although SRG has impacted organizations across sectors such as insurance, finance, and healthcare, the group has maintained a consistent focus on U.S.-based law firms since spring 2023.
PDF: https://www.ic3.gov/CSA/2026/260526.pdf
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
โผ๏ธ Qilin Ransomware Claims 4 Victims
๐ฌ๐ง William Davis Homes
๐บ๐ธ Roofing Solutions
๐บ๐ธ Shocco Springs
๐บ๐ธ Mainstreet Organization of Realtors
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐ฌ๐ง William Davis Homes
๐บ๐ธ Roofing Solutions
๐บ๐ธ Shocco Springs
๐บ๐ธ Mainstreet Organization of Realtors
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ ๐ฒ๐ฝ A threat actor going by Black0ut_Exi is sharing an alleged data leak of Universidad de Ixtlahuaca (CUI), a Mexican university, on a popular cybercrime forum, claiming around 20,000 records.
โฃ Threat Actor: Black0ut_Exi (credited to "okami" / Exiliados #555)
โฃ Category: Alleged Data Leak
โฃ Target: Universidad de Ixtlahuaca CUI, Mexico
The actor claims the dataset includes student and personal records such as names, parents' surnames, dates of birth, gender, marital status, nationality, address, postal code, phone numbers, email addresses, CURP, school details, academic period, social media handles, employer, and academic standing. Authenticity is unverified.
Stop guessing what's redacted. Subscribers see everything: http://darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
โฃ Threat Actor: Black0ut_Exi (credited to "okami" / Exiliados #555)
โฃ Category: Alleged Data Leak
โฃ Target: Universidad de Ixtlahuaca CUI, Mexico
The actor claims the dataset includes student and personal records such as names, parents' surnames, dates of birth, gender, marital status, nationality, address, postal code, phone numbers, email addresses, CURP, school details, academic period, social media handles, employer, and academic standing. Authenticity is unverified.
Stop guessing what's redacted. Subscribers see everything: http://darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
โผ๏ธ The FBI is providing a Public Service Announcement (PSA) warning that cyber criminals are creating fake versions of FIFA's website ahead of the 2026 World Cup to steal personal information, sell counterfeit tickets and hospitality packages, and enable further fraud such as opening accounts in victims' names.
Attackers use "typo squatting" by registering domains that resemble http://fifa.com through misspellings (e.g., fiffa, filfa, wvvw-fifa), alternative top-level domains (.org, .cab, .pink, .click), or fake subdomains (jobs-fifa[.com, fifa-careerhub[.com).
The FBI has already identified roughly 30+ spoofed domains, including fifa-2026[.xyz, worldcup26ticket[.com, fifa-ticket[.live, and fifaworldcup26[.sale, and expects more to appear through the tournament.
PSA: https://www.ic3.gov/PSA/2026/PSA260527
IOCs provided by the FBI are below:
www.fifa[.]cab
www.fifa[.]pink
www.fifa[.]blue
www.fifa[.]pub
FIFA[.]city
Fifa[.]bio
fifa[.]beer
fifa[.]click
fifa[.]cam
fifa[.]ceo
fifa[.]help
filfa[.]org
fifa-online[.]com
https://fifa-2026[.]xyz
jobs-fifa[.]com
fifa-hr[.]com
fifa-careerhub[.]com
fifaworldcup-careers[.]com
fifa-hiring[.]com
fifahiring[.]com
fifa-ticket[.]live
http://fifastore.us[.]com
fifaworldcup26[.]sale
fifaworldcup26.xcover-staging[.]com
http://worldcup2026-tickets.com[.]mx
worldcup26ticket[.]com
2026fifaworldcuptickets[.]online
fwc2026[.]net
fwc2026.web[.]app
www.fifa2026p[.]com
fifa2026fworldcup[.]com
wvvw-fifa[.]com
ww-fifa[.]com
fifa-com[.]com
www.fifa-com[.]services
quiniela-fifa-2026.pages[.]dev
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Attackers use "typo squatting" by registering domains that resemble http://fifa.com through misspellings (e.g., fiffa, filfa, wvvw-fifa), alternative top-level domains (.org, .cab, .pink, .click), or fake subdomains (jobs-fifa[.com, fifa-careerhub[.com).
The FBI has already identified roughly 30+ spoofed domains, including fifa-2026[.xyz, worldcup26ticket[.com, fifa-ticket[.live, and fifaworldcup26[.sale, and expects more to appear through the tournament.
PSA: https://www.ic3.gov/PSA/2026/PSA260527
IOCs provided by the FBI are below:
www.fifa[.]cab
www.fifa[.]pink
www.fifa[.]blue
www.fifa[.]pub
FIFA[.]city
Fifa[.]bio
fifa[.]beer
fifa[.]click
fifa[.]cam
fifa[.]ceo
fifa[.]help
filfa[.]org
fifa-online[.]com
https://fifa-2026[.]xyz
jobs-fifa[.]com
fifa-hr[.]com
fifa-careerhub[.]com
fifaworldcup-careers[.]com
fifa-hiring[.]com
fifahiring[.]com
fifa-ticket[.]live
http://fifastore.us[.]com
fifaworldcup26[.]sale
fifaworldcup26.xcover-staging[.]com
http://worldcup2026-tickets.com[.]mx
worldcup26ticket[.]com
2026fifaworldcuptickets[.]online
fwc2026[.]net
fwc2026.web[.]app
www.fifa2026p[.]com
fifa2026fworldcup[.]com
wvvw-fifa[.]com
ww-fifa[.]com
fifa-com[.]com
www.fifa-com[.]services
quiniela-fifa-2026.pages[.]dev
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐2
๐จ ๐ซ๐ท A threat actor going by DumpsecIsBack is sharing an alleged data leak affecting multiple French companies including Biocoop, La Vie Claire, Naturalia, Satoriz, and Marcel & Fils on a popular cybercrime forum, claiming 5,635 company sales records.
โฃ Threat Actor: DumpsecIsBack
โฃ Category: Alleged Data Leak
โฃ Target: Biocoop, La Vie Claire, Naturalia, Satoriz, Marcel & Fils, others (France)
โฃ Format: CSV
The actor claims the dataset spans three files: 1,553 contact records, 5,640 company records, and 1,490 sales visit/appointment records, including names, roles, contact emails, phone numbers, company addresses, and detailed sales-visit notes. Samples were posted in the listing, with multiple file-sharing download links provided. The actor also announced plans for further leaks branded as "Black June" starting June 1, 2026. Authenticity is unverified.
Stop guessing what's redacted. Subscribers see everything: http://darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
โฃ Threat Actor: DumpsecIsBack
โฃ Category: Alleged Data Leak
โฃ Target: Biocoop, La Vie Claire, Naturalia, Satoriz, Marcel & Fils, others (France)
โฃ Format: CSV
The actor claims the dataset spans three files: 1,553 contact records, 5,640 company records, and 1,490 sales visit/appointment records, including names, roles, contact emails, phone numbers, company addresses, and detailed sales-visit notes. Samples were posted in the listing, with multiple file-sharing download links provided. The actor also announced plans for further leaks branded as "Black June" starting June 1, 2026. Authenticity is unverified.
Stop guessing what's redacted. Subscribers see everything: http://darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐ญ1
๐จ ๐ซ๐ท A threat actor group going by AplaGroup is sharing an alleged data leak of Apogas Immobilier, a French real estate agency, on a popular cybercrime forum.
โโโโโโโโโโโโโโโโโโโโโโ
โ ๐ฏ AplaGroup
โ ๐ Alleged Data Leak
โ ๐ข Apogas Immobilier
โ ๐ซ๐ท France
โ ๐ Real Estate
โโโโโโโโโโโโโโโโโโโโโโ
The group claims the dataset includes an agents file with names, SIRET and VAT numbers, contact details, dates of birth, and marital status, plus a separate file of properties listed for sale. Authenticity is unverified.
Stop guessing what's redacted. Subscribers see everything: http://darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
โโโโโโโโโโโโโโโโโโโโโโ
โ ๐ฏ AplaGroup
โ ๐ Alleged Data Leak
โ ๐ข Apogas Immobilier
โ ๐ซ๐ท France
โ ๐ Real Estate
โโโโโโโโโโโโโโโโโโโโโโ
The group claims the dataset includes an agents file with names, SIRET and VAT numbers, contact details, dates of birth, and marital status, plus a separate file of properties listed for sale. Authenticity is unverified.
Stop guessing what's redacted. Subscribers see everything: http://darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ๐ซ๐ท Certificat ClรฉA allegedly targeted in database leak
A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Certificat ClรฉA, the French professional skills certification platform.
The actor claims the dataset contains roughly 63,260 rows of certification, evaluation, and personal data.
๐ช๐ต๐ฎ๐'๐ ๐ฎ๐น๐น๐ฒ๐ด๐ฒ๐ฑ๐น๐ ๐ฒ๐ ๐ฝ๐ผ๐๐ฒ๐ฑ:
โข Civility, full name, and maiden name fields
โข First names and dates of birth
โข Postal codes and city of birth
โข Record creation, update, and send dates
โข Creator and proprietary site data
โข Establishment proprietor and evaluation site fields
โข Last evaluation date and evaluation type
โข Evaluator and jury certification details
โข Jury date, structure, and location
โข Action type and user fields
โข Establishment, site, and external ID metadata
๐๐ฒ๐๐ฎ๐ถ๐น๐:
๐ง๐ฎ๐ฟ๐ด๐ฒ๐: Certificat ClรฉA
๐๐ผ๐๐ป๐๐ฟ๐: France ๐ซ๐ท
๐ฆ๐ฒ๐ฐ๐๐ผ๐ฟ: Education / Certification
๐๐ฐ๐๐ผ๐ฟ: xMetah
๐๐น๐ฎ๐ถ๐บ: Leaked database
๐๐ ๐ฝ๐ผ๐๐๐ฟ๐ฒ: ~63,260 rows
๐ฃ๐ฟ๐ถ๐ฐ๐ฒ: 5 Points
๐ข๐ฏ๐๐ฒ๐ฟ๐๐ฒ๐ฑ: May 27, 2026
๐ฅ Stop guessing what's redacted. Subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Certificat ClรฉA, the French professional skills certification platform.
The actor claims the dataset contains roughly 63,260 rows of certification, evaluation, and personal data.
๐ช๐ต๐ฎ๐'๐ ๐ฎ๐น๐น๐ฒ๐ด๐ฒ๐ฑ๐น๐ ๐ฒ๐ ๐ฝ๐ผ๐๐ฒ๐ฑ:
โข Civility, full name, and maiden name fields
โข First names and dates of birth
โข Postal codes and city of birth
โข Record creation, update, and send dates
โข Creator and proprietary site data
โข Establishment proprietor and evaluation site fields
โข Last evaluation date and evaluation type
โข Evaluator and jury certification details
โข Jury date, structure, and location
โข Action type and user fields
โข Establishment, site, and external ID metadata
๐๐ฒ๐๐ฎ๐ถ๐น๐:
๐ง๐ฎ๐ฟ๐ด๐ฒ๐: Certificat ClรฉA
๐๐ผ๐๐ป๐๐ฟ๐: France ๐ซ๐ท
๐ฆ๐ฒ๐ฐ๐๐ผ๐ฟ: Education / Certification
๐๐ฐ๐๐ผ๐ฟ: xMetah
๐๐น๐ฎ๐ถ๐บ: Leaked database
๐๐ ๐ฝ๐ผ๐๐๐ฟ๐ฒ: ~63,260 rows
๐ฃ๐ฟ๐ถ๐ฐ๐ฒ: 5 Points
๐ข๐ฏ๐๐ฒ๐ฟ๐๐ฒ๐ฑ: May 27, 2026
๐ฅ Stop guessing what's redacted. Subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ๐ง๐ท iGreen Energy allegedly targeted in massive database leak
A threat actor on an underground forum is claiming to have extracted and is selling a dataset allegedly originating from iGreen Energy, the Brazilian renewable energy company.
The actor claims the dataset contains roughly 5M total records across clients, consultants, financial, and operational data.
๐ช๐ต๐ฎ๐'๐ ๐ฎ๐น๐น๐ฒ๐ด๐ฒ๐ฑ๐น๐ ๐ฒ๐ ๐ฝ๐ผ๐๐ฒ๐ฑ:
โข 1M+ client records (CPF/CNPJ, RG, DOB, email, phone, full address, utility account numbers, contract history)
โข Plain-text passwords for tens of thousands of utility accounts (RGE, CEMIG, CEEE, EDP, CELESC, ELEKTRO, COPEL, ENEL, LIGHT, and others)
โข 94,859 consultant records with PIX keys, balances, and withdrawal history
โข 5,579 iGreenBank KYC accounts (CPF, mother's full name, KYC document type with issue date)
โข 205,246 financial withdrawal records (CPF, PIX key, amount, date)
โข 3.5M+ energy bill records (barcode, amount, due date, bill URL, kWh)
โข 88,498 telecom contracts, 17,420 solar contracts, 20 active auto insurance records (CPF, license plate, VIN/chassis, RENAVAM, ICCID, holder data)
โข 592 backoffice staff records (corporate email, access level, bcrypt + MD5 hashes)
โข 1,507 physical document files (IDs, utility bill photos, articles of incorporation, CNPJ cards) with predictable S3 URLs
๐๐ฒ๐๐ฎ๐ถ๐น๐:
๐ง๐ฎ๐ฟ๐ด๐ฒ๐: iGreen Energy
๐๐ผ๐๐ป๐๐ฟ๐: Brazil ๐ง๐ท
๐ฆ๐ฒ๐ฐ๐๐ผ๐ฟ: Energy / Renewables
๐๐ฐ๐๐ผ๐ฟ: masterblack
๐๐น๐ฎ๐ถ๐บ: Direct sale, dump extracted exclusively by actor
๐๐ ๐ฝ๐ผ๐๐๐ฟ๐ฒ: ~5M total records
๐ฃ๐ฟ๐ถ๐ฐ๐ฒ: Not disclosed (single buyer only, no bulk resale)
๐ข๐ฏ๐๐ฒ๐ฟ๐๐ฒ๐ฑ: May 27, 2026
๐ฅ Stop guessing what's redacted. Subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to have extracted and is selling a dataset allegedly originating from iGreen Energy, the Brazilian renewable energy company.
The actor claims the dataset contains roughly 5M total records across clients, consultants, financial, and operational data.
๐ช๐ต๐ฎ๐'๐ ๐ฎ๐น๐น๐ฒ๐ด๐ฒ๐ฑ๐น๐ ๐ฒ๐ ๐ฝ๐ผ๐๐ฒ๐ฑ:
โข 1M+ client records (CPF/CNPJ, RG, DOB, email, phone, full address, utility account numbers, contract history)
โข Plain-text passwords for tens of thousands of utility accounts (RGE, CEMIG, CEEE, EDP, CELESC, ELEKTRO, COPEL, ENEL, LIGHT, and others)
โข 94,859 consultant records with PIX keys, balances, and withdrawal history
โข 5,579 iGreenBank KYC accounts (CPF, mother's full name, KYC document type with issue date)
โข 205,246 financial withdrawal records (CPF, PIX key, amount, date)
โข 3.5M+ energy bill records (barcode, amount, due date, bill URL, kWh)
โข 88,498 telecom contracts, 17,420 solar contracts, 20 active auto insurance records (CPF, license plate, VIN/chassis, RENAVAM, ICCID, holder data)
โข 592 backoffice staff records (corporate email, access level, bcrypt + MD5 hashes)
โข 1,507 physical document files (IDs, utility bill photos, articles of incorporation, CNPJ cards) with predictable S3 URLs
๐๐ฒ๐๐ฎ๐ถ๐น๐:
๐ง๐ฎ๐ฟ๐ด๐ฒ๐: iGreen Energy
๐๐ผ๐๐ป๐๐ฟ๐: Brazil ๐ง๐ท
๐ฆ๐ฒ๐ฐ๐๐ผ๐ฟ: Energy / Renewables
๐๐ฐ๐๐ผ๐ฟ: masterblack
๐๐น๐ฎ๐ถ๐บ: Direct sale, dump extracted exclusively by actor
๐๐ ๐ฝ๐ผ๐๐๐ฟ๐ฒ: ~5M total records
๐ฃ๐ฟ๐ถ๐ฐ๐ฒ: Not disclosed (single buyer only, no bulk resale)
๐ข๐ฏ๐๐ฒ๐ฟ๐๐ฒ๐ฑ: May 27, 2026
๐ฅ Stop guessing what's redacted. Subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Cyberattack News Alert
โโโโโโโโโโโโโโโโโโโโโโโโโ
Victim: Serpa
Domain:
Country: ๐ต๐ท PR
Date: May 27th, 2026
Summary:
The municipality of Serpa fell victim to an external cyberattack targeting its IT infrastructure. The incident was immediately reported to the relevant authorities, including the National Cybersecurity Centre. Although the system is considered secure, municipal services continue to operate under constraints, including the absence of fixed and mobile communications.
Source: https://www.vozdaplanicie.pt/index.php/noticias/camara-municipal-de-serpa-alvo-de-ataque-informatico
โโโโโโโโโโโโโโโโโโโโโโโโโ
Victim: Serpa
Domain:
cm-serpa.ptCountry: ๐ต๐ท PR
Date: May 27th, 2026
Summary:
The municipality of Serpa fell victim to an external cyberattack targeting its IT infrastructure. The incident was immediately reported to the relevant authorities, including the National Cybersecurity Centre. Although the system is considered secure, municipal services continue to operate under constraints, including the absence of fixed and mobile communications.
Source: https://www.vozdaplanicie.pt/index.php/noticias/camara-municipal-de-serpa-alvo-de-ataque-informatico
Rรกdio Voz da Planรญcie - 104.5FM - Beja
Autarquia de Serpa alvo de ataque informรกtico | Rรกdio Voz da Planรญcie - 104.5FM - Beja
A Cรขmara Municipal de Serpa informa atravรฉs da sua pรกgina de Facebook Serpa Terra Forte, que a infraestrutura informรกtica do municรญpio "foi alvo de um ataque externo, imediatamente reportado ร s autoridades competentes, designadamente ao Centro Nacional deโฆ
๐จ๐ฎ๐ณ 850M India Nationwide Identity Dataset allegedly listed for sale
A threat actor on an underground forum is claiming to sell a nationwide identity dataset allegedly originating from HITEK, containing telecom-linked Aadhaar records from India.
The actor claims the dataset contains roughly 850M records in JSON format (~109 GB).
๐ช๐ต๐ฎ๐'๐ ๐ฎ๐น๐น๐ฒ๐ด๐ฒ๐ฑ๐น๐ ๐ฒ๐ ๐ฝ๐ผ๐๐ฒ๐ฑ:
โข Full names
โข Father's names
โข Aadhaar numbers (if linked)
โข Full addresses
โข Mobile numbers
โข Alternative mobile numbers
โข Email addresses
๐๐ฒ๐๐ฎ๐ถ๐น๐:
๐ง๐ฎ๐ฟ๐ด๐ฒ๐: HITEK
๐๐ผ๐๐ป๐๐ฟ๐: India ๐ฎ๐ณ
๐ฆ๐ฒ๐ฐ๐๐ผ๐ฟ: Telecom / Identity
๐๐ฐ๐๐ผ๐ฟ: deb163
๐๐น๐ฎ๐ถ๐บ: Full PII / Telecom-linked Aadhaar records
๐๐ ๐ฝ๐ผ๐๐๐ฟ๐ฒ: ~850,000,000 records (~109 GB)
๐ฃ๐ฟ๐ถ๐ฐ๐ฒ: 8 Points
๐ข๐ฏ๐๐ฒ๐ฟ๐๐ฒ๐ฑ: May 28, 2026
๐ฅ Stop guessing what's redacted. Subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to sell a nationwide identity dataset allegedly originating from HITEK, containing telecom-linked Aadhaar records from India.
The actor claims the dataset contains roughly 850M records in JSON format (~109 GB).
๐ช๐ต๐ฎ๐'๐ ๐ฎ๐น๐น๐ฒ๐ด๐ฒ๐ฑ๐น๐ ๐ฒ๐ ๐ฝ๐ผ๐๐ฒ๐ฑ:
โข Full names
โข Father's names
โข Aadhaar numbers (if linked)
โข Full addresses
โข Mobile numbers
โข Alternative mobile numbers
โข Email addresses
๐๐ฒ๐๐ฎ๐ถ๐น๐:
๐ง๐ฎ๐ฟ๐ด๐ฒ๐: HITEK
๐๐ผ๐๐ป๐๐ฟ๐: India ๐ฎ๐ณ
๐ฆ๐ฒ๐ฐ๐๐ผ๐ฟ: Telecom / Identity
๐๐ฐ๐๐ผ๐ฟ: deb163
๐๐น๐ฎ๐ถ๐บ: Full PII / Telecom-linked Aadhaar records
๐๐ ๐ฝ๐ผ๐๐๐ฟ๐ฒ: ~850,000,000 records (~109 GB)
๐ฃ๐ฟ๐ถ๐ฐ๐ฒ: 8 Points
๐ข๐ฏ๐๐ฒ๐ฟ๐๐ฒ๐ฑ: May 28, 2026
๐ฅ Stop guessing what's redacted. Subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
โผ๏ธ New Dark Web Informer Blog Post!
Title: Brazilian Food-Delivery Giant iFood Targeted in Alleged 43.8M-Record Customer Data Extortion
Link: https://darkwebinformer.com/brazilian-food-delivery-giant-ifood-targeted-in-alleged-43-8m-record-customer-data-extortion/
Title: Brazilian Food-Delivery Giant iFood Targeted in Alleged 43.8M-Record Customer Data Extortion
Link: https://darkwebinformer.com/brazilian-food-delivery-giant-ifood-targeted-in-alleged-43-8m-record-customer-data-extortion/
Dark Web Informer
Brazilian Food-Delivery Giant iFood Targeted in Alleged 43.8M-Record Customer Data Extortion
A threat actor using the alias bacen claims to hold 43,847,219 Brazilian iFood customer records, said to include CPF national IDs, full names, emails, phone numbers, and credit-card data.
โผ๏ธ ShinyHunters has leaked 42 Million records of data from Charter Communications.
DentaQuest has also been relisted after being taken down due to possible negotiations.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
DentaQuest has also been relisted after being taken down due to possible negotiations.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
STIX endpoints will be available for users who subscribe to the API sometime tomorrow as promised. I just need to finish updating the docs.
https://darkwebinformer.com/api-details/
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
https://darkwebinformer.com/api-details/
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Dark Web Informer
API Subscription Access
๐ฅ1
โผ๏ธ New Dark Web Informer Blog Post!
Title: French Government Platform Resana Listed in Alleged 990K-Record User Data Sale
Link: https://darkwebinformer.com/french-government-platform-resana-listed-in-alleged-990k-record-user-data-sale/
Title: French Government Platform Resana Listed in Alleged 990K-Record User Data Sale
Link: https://darkwebinformer.com/french-government-platform-resana-listed-in-alleged-990k-record-user-data-sale/
Dark Web Informer
French Government Platform Resana Listed in Alleged 990K-Record User Data Sale
A threat actor using the alias xMetah claims to be selling a database allegedly belonging to Resana, a French government collaboration platform hosted on the state's numerique.gouv.fr domain.